General

  • Target

    15faf66c3c88a87c8998b1d8f0cc85a4790937807758072659e68660038fd97c

  • Size

    2.4MB

  • Sample

    220213-j9wf8shgcn

  • MD5

    6b50e9da2ccff3ec3116cc212f788da9

  • SHA1

    9497caed8d0594fcddfbd77f61d1723a073df411

  • SHA256

    15faf66c3c88a87c8998b1d8f0cc85a4790937807758072659e68660038fd97c

  • SHA512

    9026edddaf3b648fe110f7c601f40e7c13ffb87bf127328cbaaba6cd6f919f35e83a0f59c56c0d92e7f5398bba19ac9a81f1e704f03974cbfbeccead9d9ff494

Malware Config

Targets

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks