General

  • Target

    1a1d6bacd3ee9df691bf5443e29f697a1d53903d94afe73b2f99e83f9fcd2593

  • Size

    2.4MB

  • Sample

    220213-j9etgsfgg5

  • MD5

    1c303dd0cef48ec7b0a3b10efc2da674

  • SHA1

    7a2632ac6a9449d420a01a56335320fc2f984bf1

  • SHA256

    1a1d6bacd3ee9df691bf5443e29f697a1d53903d94afe73b2f99e83f9fcd2593

  • SHA512

    2adda1658992e93f545fc87bcf997eae76d9ecac6477e47a9ef36fa926821edbb50231e5775154ff307f6ea70c7a787dc5c58eaf1f21d5aea60c7cf847f45c0a

Targets

    • CryptBot

      A C++ information stealer, widely distributed by bundling it with other software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
