cryptbot | 82a634123b202b7960b6cc3b52125352a2006e40cc2ccf3d62c1519191981e71 | Triage

Submit
Reports

Overview

overview

Static

static

fc0701924a...f6.exe

windows7_x64

fc0701924a...f6.exe

windows10_x64

Sharing

General

Target

fc0701924aed7be6e65f20c16d222ef6
Size

392KB
Sample

211205-mzjw8sfbb2
MD5

fc0701924aed7be6e65f20c16d222ef6
SHA1

c04d8dee265d5ed32f30f9bf466b6d2676dae4eb
SHA256

82a634123b202b7960b6cc3b52125352a2006e40cc2ccf3d62c1519191981e71
SHA512

eea30d68123f94587d324a58a31f51bba985bd2750607a8615f370cd2c79b73ace4ea7ec00a3e6a009118064169859f150cf5e489d587454cbaa2b0f42234aee

Score

10^/10

cryptbot discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fc0701924aed7be6e65f20c16d222ef6.exe

Resource

win7-en-20211104

cryptbot spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fc0701924aed7be6e65f20c16d222ef6.exe

Resource

win10-en-20211014

cryptbot discovery spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cryptbot

C2

unic12m.top

unic12e.top

Targets

- Target
  
  fc0701924aed7be6e65f20c16d222ef6
- Size
  
  392KB
- MD5
  
  fc0701924aed7be6e65f20c16d222ef6
- SHA1
  
  c04d8dee265d5ed32f30f9bf466b6d2676dae4eb
- SHA256
  
  82a634123b202b7960b6cc3b52125352a2006e40cc2ccf3d62c1519191981e71
- SHA512
  
  eea30d68123f94587d324a58a31f51bba985bd2750607a8615f370cd2c79b73ace4ea7ec00a3e6a009118064169859f150cf5e489d587454cbaa2b0f42234aee
Score

10^/10

cryptbot spyware stealer discovery
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer

© 2018-2024

Terms | Privacy