General

  • Target

    1d40cd7f0476317f4a83db242d3cb567661e162c7e92381b6d3f0b3d16a74996

  • Size

    1.5MB

  • Sample

    220213-j8592shgcj

  • MD5

    2a279404e38c647f665226869a6c90ce

  • SHA1

    b0320df2bbba50db1bde9212649fa8cf7cba1b2a

  • SHA256

    1d40cd7f0476317f4a83db242d3cb567661e162c7e92381b6d3f0b3d16a74996

  • SHA512

    903cb84a260a25be6cc211ed04afbe168fc375030b6c186e9cf6d00dfbf2cd63bad6c5b09ea539bb4c3a402f7f31451543947fd46d97a5da3dd6cc90d5b65d64

Malware Config

Targets

    • Target

      1d40cd7f0476317f4a83db242d3cb567661e162c7e92381b6d3f0b3d16a74996

    • CryptBot

      A C++ information stealer, widely distributed by being bundled with other software.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks