General

  • Target

    07f3c859e53fecceef8cd392986569afba36c469a3c1ed83183392685d13eb87

  • Size

    2.5MB

  • Sample

    220213-ka38gafgh9

  • MD5

    06a0a64600670d22fef72a35ede63383

  • SHA1

    51bcb42d5f5f658e8af5f3fd54938c8495868c3f

  • SHA256

    07f3c859e53fecceef8cd392986569afba36c469a3c1ed83183392685d13eb87

  • SHA512

    c2c4f651ff9206d7db1b1b1d92a1e92fdcae8a76a44035958f133fa42d9ddde3a30135d9ee1e223faa0c28ea2248d4797d08992026ddf854ac6ffa3b88bb2d4d
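
Before pivoting on this report, confirm that the file in hand is the same object the sandbox analysed. The check below is an added example, not part of the report or the sandbox's tooling: it computes the four digests listed above with Python's standard library and compares them to the reported values. The bytes it hashes in the demonstration are constructed inline (the real sample is not included), so the comparison is expected to fail there; point `digest_file` at the actual file to run the real check. SHA256 is the value the report uses as the target name, so treat it as the primary key; MD5 and SHA1 are kept only because the report lists them.

```python
import hashlib

# Digests copied from the report's General section for this sample.
REPORTED_DIGESTS = {
    "md5": "06a0a64600670d22fef72a35ede63383",
    "sha1": "51bcb42d5f5f658e8af5f3fd54938c8495868c3f",
    "sha256": "07f3c859e53fecceef8cd392986569afba36c469a3c1ed83183392685d13eb87",
    "sha512": (
        "c2c4f651ff9206d7db1b1b1d92a1e92fdcae8a76a44035958f133fa42d9ddde3"
        "a30135d9ee1e223faa0c28ea2248d4797d08992026ddf854ac6ffa3b88bb2d4d"
    ),
}


def compute_digests(data: bytes) -> dict:
    """Return lower-case hex digests of an in-memory buffer for every
    algorithm the report lists (md5, sha1, sha256, sha512)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_DIGESTS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once, so a 2.5MB (or much
    larger) sample is read from disk exactly once."""
    hashers = {name: hashlib.new(name) for name in REPORTED_DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_digests(actual: dict, expected: dict = REPORTED_DIGESTS) -> dict:
    """Compare each algorithm case-insensitively. Returns {algorithm: bool}
    so a partial mismatch (e.g. someone pasted a wrong MD5) is visible."""
    return {
        name: actual.get(name, "").lower() == expected[name].lower()
        for name in expected
    }


def is_reported_sample(actual: dict, expected: dict = REPORTED_DIGESTS) -> bool:
    """True only when every listed digest matches."""
    return all(verify_digests(actual, expected).values())


if __name__ == "__main__":
    # Constructed stand-in bytes; the real sample is not part of this page.
    stand_in = b"MZ\x90\x00constructed placeholder, not the analysed file"
    result = verify_digests(compute_digests(stand_in))
    print(result)                      # every entry False for the stand-in
    print(is_reported_sample(compute_digests(stand_in)))  # False
```

On a real copy of the sample, `is_reported_sample(digest_file("sample.bin"))` must return `True` before any of the behaviours listed below are attributed to that file; a single mismatching algorithm means either a different file or a transcription error in the indicators.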

Malware Config

Targets

    • Target

      07f3c859e53fecceef8cd392986569afba36c469a3c1ed83183392685d13eb87

    • Size

      2.5MB

    • MD5

      06a0a64600670d22fef72a35ede63383

    • SHA1

      51bcb42d5f5f658e8af5f3fd54938c8495868c3f

    • SHA256

      07f3c859e53fecceef8cd392986569afba36c469a3c1ed83183392685d13eb87

    • SHA512

      c2c4f651ff9206d7db1b1b1d92a1e92fdcae8a76a44035958f133fa42d9ddde3a30135d9ee1e223faa0c28ea2248d4797d08992026ddf854ac6ffa3b88bb2d4d

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
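
The four behaviour signatures above describe what the sandbox observed, not how it matched them. The block below is an added example, not the sandbox's rule set or anything shipped with the report: it encodes each signature as a rule over simplified, constructed Sysmon-style events (event type plus a registry path, file path or URL) and runs them over a constructed event list. The browser, wallet and IP-lookup paths and hostnames are assumptions chosen to illustrate the categories; the report does not say which browsers, wallets or lookup service this sample touched.

```python
import re
from collections import defaultdict

# Constructed events in a simplified Sysmon-like shape: (event_type, detail).
# Not taken from the report; built here to exercise the rules below.
SAMPLE_EVENTS = [
    ("RegistryRead", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ("RegistryRead", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    ("FileRead", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("FileRead", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json"),
    ("FileRead", r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("FileRead", r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("HttpRequest", "http://ip-api.com/json/"),
    ("FileRead", r"C:\Windows\System32\kernel32.dll"),   # benign noise, must not match
]

# One rule per signature name used in the report: (event type, pattern).
# Paths/hosts are assumed examples of each category, not an exhaustive list.
RULES = {
    "Reads user/profile data of web browsers": ("FileRead", re.compile(
        r"\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
        r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
        re.I)),
    "Accesses cryptocurrency files/wallets": ("FileRead", re.compile(
        r"\\Electrum\\wallets\\|\\Exodus\\exodus\.wallet\\|\\wallet\.dat$", re.I)),
    "Checks installed software on the system": ("RegistryRead", re.compile(
        r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    "Looks up external IP address via web service": ("HttpRequest", re.compile(
        r"^https?://(ip-api\.com|api\.ipify\.org|ipinfo\.io|icanhazip\.com)(/|$)", re.I)),
}


def match_signatures(events):
    """Run every rule over every event. Returns {signature name: [matching
    details]} containing only the signatures that fired, so the caller can
    see both the verdict and the evidence behind it."""
    hits = defaultdict(list)
    for event_type, detail in events:
        for name, (want_type, pattern) in RULES.items():
            if event_type == want_type and pattern.search(detail):
                hits[name].append(detail)
    return dict(hits)


def triggered(events):
    """Sorted list of signature names that fired, for a compact verdict."""
    return sorted(match_signatures(events))


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

Each rule is pinned to an event type as well as a pattern, so a benign process that merely mentions "Uninstall" in a file name does not trip the installed-software rule; real telemetry would also need the originating process image and a whitelist for legitimate installers and browsers, which a four-rule sketch like this deliberately omits.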

MITRE ATT&CK Enterprise v6

Tasks