General

  • Target

    194448667fa4dd6f62bc65449661f6b6e88ecbc19ee57cc7f3d21a6679607077

  • Size

    910KB

  • Sample

    220213-j9jsfahgcl

  • MD5

    e0eb6c96072bf95ed55992d3e4ea9036

  • SHA1

    5870b7184f6b31d23dd951c897460863d6ead4c6

  • SHA256

    194448667fa4dd6f62bc65449661f6b6e88ecbc19ee57cc7f3d21a6679607077

  • SHA512

    46e610a66d9a5ea9ab81fc94949a6787b95f9954f5a68a1ea8b1159251630948a9c1d626dbf508433be3ff25fc89105d930d11fa83894c0eb8d110250a3e0b46

Malware Config

Targets

    • Target

      194448667fa4dd6f62bc65449661f6b6e88ecbc19ee57cc7f3d21a6679607077

    • Size

      910KB

    • MD5

      e0eb6c96072bf95ed55992d3e4ea9036

    • SHA1

      5870b7184f6b31d23dd951c897460863d6ead4c6

    • SHA256

      194448667fa4dd6f62bc65449661f6b6e88ecbc19ee57cc7f3d21a6679607077

    • SHA512

      46e610a66d9a5ea9ab81fc94949a6787b95f9954f5a68a1ea8b1159251630948a9c1d626dbf508433be3ff25fc89105d930d11fa83894c0eb8d110250a3e0b46

    • CryptBot

      A C++ information stealer, widely distributed in bundles with other software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks