General

  • Target

    acf5a0702538d69871c917a13a45effbcc2dd9161578b.exe

  • Size

    744KB

  • Sample

    210505-zpe4y79pvx

  • MD5

    133e64e417a18aa63318a7568506f612

  • SHA1

    5b52a1c1775fa6de222eb1ab74e1e2727bdcfa22

  • SHA256

    acf5a0702538d69871c917a13a45effbcc2dd9161578b270a6b56f8447062dbf

  • SHA512

    8f09b3ecfad1af2f6604947a372ce8002bd4f27dec78277142cd9dd6c7f9bb4e76aacb724e93113a436dce5018bd3f1254e7a1fbc256a698fadbf9486098a340

Malware Config

Extracted

Family

cryptbot

C2

eostco22.top

morczs02.top

Attributes

  • payload_url

    http://agnyzg02.top/download.php?file=lv.exe

Targets

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • CryptBot Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
