General

  • Target

    88d72c7267e4bd769e27280525a6de98fd5c9e1689f2d.exe

  • Size

    783KB

  • Sample

    210506-zvrvvhcrrx

  • MD5

    39af410be83df2ea318ff40ebd292201

  • SHA1

    dce9ff4751b9f65eb7614d389188ff1f4aca885c

  • SHA256

    88d72c7267e4bd769e27280525a6de98fd5c9e1689f2d91e1fc818b868b348f8

  • SHA512

    43a184e8e3ee3cb030dcf4b53f1ea9b8d579865f336c49d81e15828d46889c9e0dd157076d0bc33f79ac9be73bd5a9c6270285faaff6f4c270d4ab13ec532c17

Malware Config

Extracted

Family

cryptbot

C2

eoslyp42.top

morlrq04.top

Targets

    • CryptBot

      A C++ stealer that is widely distributed bundled with other software.

    • CryptBot Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks