General

  • Target

    33ac62453b6354be87cf6d5232c91ab08d9b5195ae654.exe

  • Size

    750KB

  • Sample

    210507-a2g1j4a4m6

  • MD5

    f724b9eb89cf8bda2bc06422b818d069

  • SHA1

    dc4477511d2008667763a61b2fa37fad3666dc45

  • SHA256

    33ac62453b6354be87cf6d5232c91ab08d9b5195ae6548ac143e6cb6b20d6308

  • SHA512

    160b81bdfce10aa8357e5e436fb928ba41daa5f3eefcd352e7eabc09c6b7c96f50ac1379703befd56e867ef28d9bc193db6ccae4ff02a0da7ba792080a06e7b3

Malware Config

Extracted

Family

cryptbot

C2

eosbej52.top

morwxi05.top

Targets
    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • CryptBot Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6