General

  • Target

    cd880f54ab74b356528e79c1ff057b8f13754e6501ef1e690e66b66e6c158022

  • Size

    625KB

  • Sample

    220215-grk7fabeg3

  • MD5

    c1a620a5992d4fa7bed6248ce41d4528

  • SHA1

    90b190c88ac66b76b110a604d6af224cdafdd1d4

  • SHA256

    cd880f54ab74b356528e79c1ff057b8f13754e6501ef1e690e66b66e6c158022

  • SHA512

    7e077b83ddc4bba2303a369f48825a16bcaa8e16eb5ef031f8128e38f1808fc30ab8cbc430b3b38e504ee98a910cc1be5b3fbd8a8cfbfaae6421d5a1bf871463

Malware Config

Extracted

Family

cryptbot

C2

cipytg23.top

morhej02.top

Attributes
  • payload_url

    http://sahbog02.top/download.php?file=acheta.exe
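The extracted config gives three network indicators (two C2 domains and the payload host) and the General section gives file hashes. As an added example, not part of the sandbox report or of the sample itself, the following Python pulls those indicators into a small matcher and runs it over log lines. The indicators are the ones on this page; the log lines are constructed for the demonstration, and the log formats (a Squid native access log, where field 7 is the URL and CONNECT requests log only `host:port`, and a dnsmasq query log) are assumptions.

```python
"""IOC matcher for the CryptBot config extracted on this page.

Added example, not part of the sandbox report or the sample.
Indicators are copied from the report; the log lines below are constructed
and their formats (Squid native access log, dnsmasq query log) are assumed.
"""
import hashlib
import re
from urllib.parse import urlparse

# --- indicators from the report --------------------------------------------
C2_DOMAINS = {"cipytg23.top", "morhej02.top"}
PAYLOAD_URL = "http://sahbog02.top/download.php?file=acheta.exe"
SAMPLE_SHA256 = "cd880f54ab74b356528e79c1ff057b8f13754e6501ef1e690e66b66e6c158022"
SAMPLE_MD5 = "c1a620a5992d4fa7bed6248ce41d4528"

# The payload host is an indicator in its own right.
PAYLOAD_HOST = urlparse(PAYLOAD_URL).hostname
WATCHED_DOMAINS = C2_DOMAINS | {PAYLOAD_HOST}


def defang(host):
    """Render a hostname safe to paste into a ticket (dots -> [.])."""
    return host.replace(".", "[.]")


def domain_matches(hostname, watched=WATCHED_DOMAINS):
    """True if hostname is a watched domain or a subdomain of one.

    The '.' + domain suffix check is deliberate: a plain endswith(domain)
    would also fire on unrelated names such as notmorhej02.top.
    """
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in watched)


def host_from_proxy_url(url):
    """Squid logs CONNECT requests as 'host:port' with no scheme."""
    if "://" not in url:
        return url.rsplit(":", 1)[0]
    return urlparse(url).hostname


# --- constructed log lines (assumed formats) -------------------------------
PROXY_LOG = [
    "1645000000.100 150 10.0.0.5 TCP_MISS/200 640000 GET "
    "http://sahbog02.top/download.php?file=acheta.exe - "
    "HIER_DIRECT/203.0.113.10 application/octet-stream",
    "1645000000.200 300 10.0.0.5 TCP_TUNNEL/200 5120 CONNECT cipytg23.top:443 - "
    "HIER_DIRECT/203.0.113.11 -",
    "1645000000.300 20 10.0.0.7 TCP_HIT/200 1024 GET http://example.com/index.html - "
    "HIER_NONE/- text/html",
]

DNS_LOG = [
    "Feb 15 10:00:01 gw dnsmasq[812]: query[A] cipytg23.top from 10.0.0.5",
    "Feb 15 10:00:02 gw dnsmasq[812]: query[A] www.morhej02.top from 10.0.0.9",
    "Feb 15 10:00:03 gw dnsmasq[812]: query[A] notmorhej02.top from 10.0.0.9",
    "Feb 15 10:00:04 gw dnsmasq[812]: query[AAAA] example.com from 10.0.0.7",
]


def scan_proxy_log(lines):
    """Return (client_ip, defanged_host) for each request to a watched domain."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        client_ip, url = fields[2], fields[6]
        host = host_from_proxy_url(url)
        if host and domain_matches(host):
            hits.append((client_ip, defang(host)))
    return hits


DNS_QUERY = re.compile(r"query\[\w+\] (\S+) from (\S+)")


def scan_dns_log(lines):
    """Return (client_ip, defanged_name) for each query for a watched domain."""
    hits = []
    for line in lines:
        m = DNS_QUERY.search(line)
        if m and domain_matches(m.group(1)):
            hits.append((m.group(2), defang(m.group(1))))
    return hits


def file_matches_sample(data):
    """Hash file bytes and return the names of the report hashes they match."""
    matched = []
    if hashlib.sha256(data).hexdigest() == SAMPLE_SHA256:
        matched.append("sha256")
    if hashlib.md5(data).hexdigest() == SAMPLE_MD5:
        matched.append("md5")
    return matched


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG) + scan_dns_log(DNS_LOG):
        print("IOC hit:", hit)
```

The DNS scan matches `www.morhej02.top` but not `notmorhej02.top`; the suffix check in `domain_matches` is where a naive `endswith` would produce false positives. A real file check would read the binary and call `file_matches_sample` on its bytes; MD5 is kept only because the report lists it, the SHA256 is the one to rely on.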

Targets

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the Wow6432Node equivalent) in the registry.