General
-
Target
5eadc3d4c02b8b1ea765adca519d9031.exe
-
Size
742KB
-
Sample
210504-rmtelnxlsx
-
MD5
5eadc3d4c02b8b1ea765adca519d9031
-
SHA1
5729f9d4549a3dc388dfd17470279377a9e1692c
-
SHA256
a74f7f37ceedc57d0b8024d1e92efd40b023f8fce090dc80853f9ba88f61e7bb
-
SHA512
5f54548e44c2db3defa159003ae63cf52516b2be41a4582f932f898784f14a3699af1952db4c43b153f5b4e71b6864bd4696952fa4c4a319235e7e5d70228eda
Static task
static1
Behavioral task
behavioral1
Sample
5eadc3d4c02b8b1ea765adca519d9031.exe
Resource
win7v20210408
Malware Config
Extracted
cryptbot
jusvyg72.top
morioa07.top
Targets
-
Target
5eadc3d4c02b8b1ea765adca519d9031.exe
-
CryptBot Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-