cryptbot | 07efd513a02e8c30296f7b73488d9a74796849787df14af028266cd79c89d51f | Triage

Submit
Reports

Overview

overview

Static

static

3aa1f98b27...24.exe

windows7_x64

3aa1f98b27...24.exe

windows10_x64

Sharing

General

Target

3aa1f98b275f4e2d8febb9e4478c5524.exe
Size

758KB
Sample

210727-57ev81dlk6
MD5

3aa1f98b275f4e2d8febb9e4478c5524
SHA1

112cdacb64629da494eee7cac8b3a7b606e78bfe
SHA256

07efd513a02e8c30296f7b73488d9a74796849787df14af028266cd79c89d51f
SHA512

b7ca79b24281d0b94668ec8812a725f5c084efd9901c353aafd51d76055e708bc66302367c0b4ebb4546b4f314983bb6160a5ba507b4601513d19e8aa6b11130

Score

10^/10

cryptbot discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

3aa1f98b275f4e2d8febb9e4478c5524.exe

Resource

win7v20210408

cryptbot spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3aa1f98b275f4e2d8febb9e4478c5524.exe

Resource

win10v20210408

cryptbot discovery spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cryptbot

C2

ewaisg12.top

morvay01.top

Attributes

payload_url
http://winezo01.top/download.php?file=lv.exe

Targets

- Target
  
  3aa1f98b275f4e2d8febb9e4478c5524.exe
- Size
  
  758KB
- MD5
  
  3aa1f98b275f4e2d8febb9e4478c5524
- SHA1
  
  112cdacb64629da494eee7cac8b3a7b606e78bfe
- SHA256
  
  07efd513a02e8c30296f7b73488d9a74796849787df14af028266cd79c89d51f
- SHA512
  
  b7ca79b24281d0b94668ec8812a725f5c084efd9901c353aafd51d76055e708bc66302367c0b4ebb4546b4f314983bb6160a5ba507b4601513d19e8aa6b11130
Score

10^/10

cryptbot spyware stealer discovery suricata
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

cryptbotspywarestealer

behavioral2

cryptbotdiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy