General

  • Target

    9de7a0cbfc22bd31dd9ad8783b39e5bc0bdb9ce2f70e232252559474f9192315

  • Size

    451KB

  • Sample

    220215-jj9k6sdgfj

  • MD5

    5e42414beb8222e215ce7566d94cd1aa

  • SHA1

    6fa0f535080658b9eb1b361c42a631f0493c767c

  • SHA256

    9de7a0cbfc22bd31dd9ad8783b39e5bc0bdb9ce2f70e232252559474f9192315

  • SHA512

    b5120f8d0a935401b27c37a6703f28ed64f941d94834e5b84d380dc5a91a2f30cc739cae95b806367d0e1b0b934a38f6e15e1c85977a657def2670bfd4359df3

Malware Config

Extracted

Family

cryptbot

C2

kelnob72.top

morwex07.top

Attributes

  • payload_url

    http://butfwo19.top/download.php?file=balkis.exe

Targets

    • CryptBot

      A C++ information stealer that is widely distributed bundled with other software.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks