General

  • Target

    69KVWczH7Sk3t1fZmb5O.exe

  • Size

    663KB

  • Sample

    210505-wkdzxygmea

  • MD5

    e93a68bc0e34d9fb8d76345379215b85

  • SHA1

    c5c105c21e408b4a8b79a10878f25e71825a4d57

  • SHA256

    72263e12f9edd11806a77c99a41569ed4acc043873cf8bac45974426e56b4652

  • SHA512

    87fca8c273c956588fb52cfcb88fdbd7fb76a60ac0b3976814deef0416101b0b65d3e0e4f69ab6a7995922c7e077e5b959b098ae006c02952111588a12bdd0a4

Malware Config

Extracted

Family

cryptbot

C2

jusodd52.top

mortij05.top

Attributes
  • payload_url

    http://filiva07.top/download.php?file=lv.exe

Targets

    • Target

      69KVWczH7Sk3t1fZmb5O.exe

    • Size

      663KB

    • MD5

      e93a68bc0e34d9fb8d76345379215b85

    • SHA1

      c5c105c21e408b4a8b79a10878f25e71825a4d57

    • SHA256

      72263e12f9edd11806a77c99a41569ed4acc043873cf8bac45974426e56b4652

    • SHA512

      87fca8c273c956588fb52cfcb88fdbd7fb76a60ac0b3976814deef0416101b0b65d3e0e4f69ab6a7995922c7e077e5b959b098ae006c02952111588a12bdd0a4

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks