General

  • Target

    111f5a17448a9edf6bd38fc7987c2d6f77bbf5133cb7fd166346d9c28940ae6b

  • Size

    2.4MB

  • Sample

    220213-kadyksfgh5

  • MD5

    b05e8714b40a34454d9c75a23dbbc625

  • SHA1

    5d1940836cd89eb32ecb1394b67bbacfb8c0e49d

  • SHA256

    111f5a17448a9edf6bd38fc7987c2d6f77bbf5133cb7fd166346d9c28940ae6b

  • SHA512

    526cbb13bd78640b3c02310ec7a0952ee716fbd6b0a5d9bc96506f58f76892bd9f949907bd5787480c3eaf95d78cf252271cd0da2a6860ef6f21094046545dba

Malware Config

Targets

    • Target

      111f5a17448a9edf6bd38fc7987c2d6f77bbf5133cb7fd166346d9c28940ae6b

    • Size

      2.4MB

    • MD5

      b05e8714b40a34454d9c75a23dbbc625

    • SHA1

      5d1940836cd89eb32ecb1394b67bbacfb8c0e49d

    • SHA256

      111f5a17448a9edf6bd38fc7987c2d6f77bbf5133cb7fd166346d9c28940ae6b

    • SHA512

      526cbb13bd78640b3c02310ec7a0952ee716fbd6b0a5d9bc96506f58f76892bd9f949907bd5787480c3eaf95d78cf252271cd0da2a6860ef6f21094046545dba

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks