General

  • Target

    fbfc9c06fc1d36d3cd5a40e213cf34daf37af387df633c7483773169ad19dd7a

  • Size

    957KB

  • Sample

    220215-e4gcxaaga6

  • MD5

    8113407f7568148046887dbdd655e882

  • SHA1

    9fbf9bff9436f1225ac9e1fa0918de0dd5d77db0

  • SHA256

    fbfc9c06fc1d36d3cd5a40e213cf34daf37af387df633c7483773169ad19dd7a

  • SHA512

    c0fef00069905b283c8796a814cf1d5872ed68e6e9615f1357c38463656714c31a7fca13ade4b1e2749c456f5b9db0a11115e394f3696b45bd6d6aef68f59361

Malware Config

Extracted

Family

cryptbot

C2

kelnob72.top

morwex07.top

Attributes
  • payload_url

    http://butfwo19.top/download.php?file=balkis.exe

Targets

    • CryptBot

      A C++ information stealer that is widely distributed bundled with other software.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
