Overview

overview

10

Static

static

24e43fbe77...in.exe

windows7_x64

8

24e43fbe77...in.exe

windows10_x64

10

Resubmissions

05-07-2021 17:47

210705-1p2sjaphes 10

27-05-2021 14:10

210527-ar62acaq4a 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24e43fbe7752e30765786d4b49a489ae15d0543b00cb049f13388142cb45cc42.bin

  • Size

    1.9MB

  • Sample

    210527-ar62acaq4a

  • MD5

    abd35d575a95891bac53ec57e8d33ccd

  • SHA1

    78078d9d1c867fca632ccac4fec5bfc65230f1ab

  • SHA256

    24e43fbe7752e30765786d4b49a489ae15d0543b00cb049f13388142cb45cc42

  • SHA512

    6036f6ad53f5b525f7ff2f48d1924d63fcac520dcfd57bba8288317e7bdd8c75470a2f050b16483e62143ac5090a7250e56b0030e89d7279d9b1998122429bd3

Score
10/10
cryptbotdiscoveryspywarestealer

Malware Config

Targets

    • Target

      24e43fbe7752e30765786d4b49a489ae15d0543b00cb049f13388142cb45cc42.bin

    • Size

      1.9MB

    • MD5

      abd35d575a95891bac53ec57e8d33ccd

    • SHA1

      78078d9d1c867fca632ccac4fec5bfc65230f1ab

    • SHA256

      24e43fbe7752e30765786d4b49a489ae15d0543b00cb049f13388142cb45cc42

    • SHA512

      6036f6ad53f5b525f7ff2f48d1924d63fcac520dcfd57bba8288317e7bdd8c75470a2f050b16483e62143ac5090a7250e56b0030e89d7279d9b1998122429bd3

    Score
    10/10
    cryptbotdiscoveryspywarestealer

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks