General

  • Target

    37af093677d53ea9a210a36b3b766731.exe

  • Size

    737KB

  • Sample

    210517-82h6k9srxs

  • MD5

    37af093677d53ea9a210a36b3b766731

  • SHA1

    2000ad695b87dfc18a5210dbbd50d60423be83b6

  • SHA256

    039e69327e8da04224180c5d43571608eb86108b76aad6c2980e076958119700

  • SHA512

    8fa0360d052719e8da1b46248b33570e027bbb773ed763148960b3934b4a0eb3a1a47cce72a06f253c313a9c00453fa5cea627edf2136e761c2759c8b0b69193

Malware Config

Extracted

Family

cryptbot

C2

remrew72.top

morkis07.top

Targets

    • Target

      37af093677d53ea9a210a36b3b766731.exe

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • CryptBot Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies, session tokens and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
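The file hashes and the two extracted C2 domains above are the indicators a responder would actually act on. The following is an added worked example of turning them into a check, written for this page and not part of the sandbox report or of any tool: it hashes a candidate file in one streamed pass and compares it against the report's MD5/SHA1/SHA256, and it scans DNS/proxy log lines for the C2 domains, treating any subdomain of a C2 domain as a hit but not a host that merely ends in the same characters. The hostname regex and the log line shapes are assumptions, and the sample log lines are constructed for the example.

```python
"""IOC matcher for the CryptBot report above (added example, not report code)."""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "37af093677d53ea9a210a36b3b766731",
    "sha1": "2000ad695b87dfc18a5210dbbd50d60423be83b6",
    "sha256": "039e69327e8da04224180c5d43571608eb86108b76aad6c2980e076958119700",
}
C2_DOMAINS = {"remrew72.top", "morkis07.top"}

ALGORITHMS = ("md5", "sha1", "sha256")


def digest_bytes(data):
    """Return {algorithm: hexdigest} for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def file_hashes(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for a file, computed in one streamed pass
    so large samples are not read into memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_matches(digests, iocs=IOC_HASHES):
    """Names of the algorithms whose digest equals the report's value
    (case-insensitive, since feeds mix upper- and lower-case hex)."""
    return sorted(name for name, value in digests.items()
                  if iocs.get(name, "").lower() == value.lower())


# Pull a queried or contacted hostname out of a few common log shapes:
# BIND-style "query: host", key=value "host=", an HTTP "Host:" header, or a URL.
# Assumed patterns for this example; adapt to your own log format.
_HOST_RE = re.compile(r"(?:query:\s*|host=|Host:\s*|https?://)([A-Za-z0-9.-]+)",
                      re.IGNORECASE)


def domain_matches(log_lines, c2=C2_DOMAINS):
    """Return [(line_number, c2_domain, observed_host)] for every line whose
    hostname is a C2 domain or a subdomain of one. The suffix check requires a
    leading dot so that e.g. 'notremrew72.top' does not match 'remrew72.top'."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        m = _HOST_RE.search(line)
        if not m:
            continue
        host = m.group(1).lower().rstrip(".")
        for dom in c2:
            if host == dom or host.endswith("." + dom):
                hits.append((lineno, dom, host))
                break
    return hits


# Constructed sample log lines (not taken from the report): a DNS query for a
# C2 domain, a benign proxy line, an HTTP request to a C2 subdomain, and a
# look-alike domain that must not match.
SAMPLE_LOGS = [
    "17-May-2021 10:02:11 client 10.0.0.5#51234: query: remrew72.top IN A + (10.0.0.1)",
    "2021-05-17T10:02:12Z proxy host=www.example.com method=GET status=200",
    "2021-05-17T10:02:13Z http GET http://cdn.morkis07.top/index.php Host: cdn.morkis07.top",
    "17-May-2021 10:02:14 client 10.0.0.5#51235: query: notremrew72.top IN A + (10.0.0.1)",
]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        found = hash_matches(file_hashes(path))
        print(f"{path}: {'MATCH ' + ','.join(found) if found else 'no hash match'}")
    for lineno, dom, host in domain_matches(SAMPLE_LOGS):
        print(f"line {lineno}: {host} -> C2 {dom}")
```

Run it with one or more file paths to hash them against the report; the C2 scan runs over the constructed sample lines and reports lines 1 and 3 only. For a real deployment, replace `SAMPLE_LOGS` with your resolver or proxy log stream and, if the C2 list grows, swap the linear domain loop for a suffix lookup on the registered domain.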

MITRE ATT&CK Enterprise v6
