General

  • Target

    12dc310d6caa4d1a91c40856e644f59283cce3ee1360f715c62bb348166cc818

  • Size

    2.8MB

  • Sample

    220213-j95d5shgcq

  • MD5

    d7d4a086b9a2224fc917c844cc23471b

  • SHA1

    a11be3247bbcba485f04c70691b9e309fac802ec

  • SHA256

    12dc310d6caa4d1a91c40856e644f59283cce3ee1360f715c62bb348166cc818

  • SHA512

    267eb3874b0b333ee69545ed991e828a1b0bad95bb16ef3336582026b115a1ed216de8d32e776d027aefe4f8c1acde4b3cc492e6588e50bf888af4ee30fd851e

Malware Config

Targets

    • Target

      12dc310d6caa4d1a91c40856e644f59283cce3ee1360f715c62bb348166cc818

    • Size

      2.8MB

    • MD5

      d7d4a086b9a2224fc917c844cc23471b

    • SHA1

      a11be3247bbcba485f04c70691b9e309fac802ec

    • SHA256

      12dc310d6caa4d1a91c40856e644f59283cce3ee1360f715c62bb348166cc818

    • SHA512

      267eb3874b0b333ee69545ed991e828a1b0bad95bb16ef3336582026b115a1ed216de8d32e776d027aefe4f8c1acde4b3cc492e6588e50bf888af4ee30fd851e

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks