General
-
Target
69KVWczH7Sk3t1fZmb5O.exe
-
Size
663KB
-
Sample
210505-wkdzxygmea
-
MD5
e93a68bc0e34d9fb8d76345379215b85
-
SHA1
c5c105c21e408b4a8b79a10878f25e71825a4d57
-
SHA256
72263e12f9edd11806a77c99a41569ed4acc043873cf8bac45974426e56b4652
-
SHA512
87fca8c273c956588fb52cfcb88fdbd7fb76a60ac0b3976814deef0416101b0b65d3e0e4f69ab6a7995922c7e077e5b959b098ae006c02952111588a12bdd0a4
Static task
static1
Behavioral task
behavioral1
Sample
69KVWczH7Sk3t1fZmb5O.exe
Resource
win7v20210410
Malware Config
Extracted
cryptbot
jusodd52.top
mortij05.top
-
payload_url
http://filiva07.top/download.php?file=lv.exe
Targets
-
-
Target
69KVWczH7Sk3t1fZmb5O.exe
-
CryptBot Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-