Description
A C++ stealer distributed widely in bundle with other software.
General
Target
Size
Sample
24e43fbe7752e30765786d4b49a489ae15d0543b00cb049f13388142cb45cc42.bin
1MB
210527-ar62acaq4a
Score
10/10
MD5
SHA1
SHA256
SHA512
abd35d575a95891bac53ec57e8d33ccd
78078d9d1c867fca632ccac4fec5bfc65230f1ab
24e43fbe7752e30765786d4b49a489ae15d0543b00cb049f13388142cb45cc42
6036f6ad53f5b525f7ff2f48d1924d63fcac520dcfd57bba8288317e7bdd8c75470a2f050b16483e62143ac5090a7250e56b0030e89d7279d9b1998122429bd3
Malware Config
Targets
Target
MD5
Filesize
24e43fbe7752e30765786d4b49a489ae15d0543b00cb049f13388142cb45cc42.bin
abd35d575a95891bac53ec57e8d33ccd
1MB
Score
10/10
SHA1
SHA256
SHA512
78078d9d1c867fca632ccac4fec5bfc65230f1ab
24e43fbe7752e30765786d4b49a489ae15d0543b00cb049f13388142cb45cc42
6036f6ad53f5b525f7ff2f48d1924d63fcac520dcfd57bba8288317e7bdd8c75470a2f050b16483e62143ac5090a7250e56b0030e89d7279d9b1998122429bd3
Tags
Signatures
-
CryptBot
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
8/10
behavioral2
Score
10/10