General

  • Target

    0032906a0772c603297d2a6ca49915e1527dad907575d56c56f75115054d5802

  • Size

    2.3MB

  • Sample

    220213-kbrwtsfha6

  • MD5

    f6526f5b96c36c216d05ec2e68041ba0

  • SHA1

    d9587b1e96610f7c6963bcdad2b9e7739c0d9a67

  • SHA256

    0032906a0772c603297d2a6ca49915e1527dad907575d56c56f75115054d5802

  • SHA512

    dde0a7bbe2bc6979df87ac13e54fcceaad4e9dfd87625bd0ccf18b2a47898e4321cf4e4a00e5b40cf4ac16d528b9e65cdd677f954617ca1479d4baeda2fad8c2

Malware Config

Targets

    • CryptBot

      A C++ stealer that is widely distributed bundled with other software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks