General
-
Target
Setup 1638787059534.zip
-
Size
1.3MB
-
Sample
211207-p4lyhacbc5
-
MD5
9be05d1869cb727772bc5ca0e05c067a
-
SHA1
5fe1c51a2e51ec68250ac2636e027d8bfd9ff754
-
SHA256
b42e4aff193d3dff35d7e9abc4a18115f73fc8b6c26e6cb5aab35739dbdfc6fd
-
SHA512
4c6be136bbbeeafb7497d673c796e0da46c40b2a256b5392e1f1690adcaa82ebe1ee95ac489cf4f8ae62817abce1c4b408b10e7733e4144408d2eec3cc3679a6
Malware Config
Extracted
cryptbot
gomjhz21.top
morbuq02.top
-
payload_url
http://peuhaf03.top/download.php?file=syrupy.exe
Targets
-
-
Target
Setup.exe
-
Size
3.4MB
-
MD5
5a02e11c9b2e87933afb8d566701479e
-
SHA1
60796e5d527e8df5e0d0059c6214fbd590a6c671
-
SHA256
87b56b6e0443cb20aab571123c3f7e029450ddc197bc3008cf5174e8b3e598da
-
SHA512
10c64e01095a862f89f59500b4d5dd2a37e19ed2b8beaaef01e614d978bc5ae1d3a9de2c938570d0c6a9afa0dec89459a13e60b4a65dd55ddb74970c2ad731ca
Score10/10-
CryptBot
A C++ stealer distributed widely in bundle with other software.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-