General

  • Target

    9b227e19b2b0fef781156d037d4ae6d2e191caaafcb7289ad8cdad283749c3e1

  • Size

    1.9MB

  • Sample

    220215-jmzv5scdf7

  • MD5

    a4dbaff7f458195a73083037c104a602

  • SHA1

    6389cb9da054558a96ba0bc8e48660395115f815

  • SHA256

    9b227e19b2b0fef781156d037d4ae6d2e191caaafcb7289ad8cdad283749c3e1

  • SHA512

    6e83e2c3c8bd2c60bedd67974f031246e3461ed443380aef48aff19a1e849cb5f79dd7c8a707f6372ceb151ad8d547f109c7fdd21b0a7da0857b3b9b6a7c5406

Malware Config

Extracted

Family

cryptbot

C2

tisotn13.top

morkew01.top

Attributes

  • payload_url

    http://danmia01.top/download.php?file=vamped.exe

Targets

    • Target

      9b227e19b2b0fef781156d037d4ae6d2e191caaafcb7289ad8cdad283749c3e1

    • Size

      1.9MB

    • MD5

      a4dbaff7f458195a73083037c104a602

    • SHA1

      6389cb9da054558a96ba0bc8e48660395115f815

    • SHA256

      9b227e19b2b0fef781156d037d4ae6d2e191caaafcb7289ad8cdad283749c3e1

    • SHA512

      6e83e2c3c8bd2c60bedd67974f031246e3461ed443380aef48aff19a1e849cb5f79dd7c8a707f6372ceb151ad8d547f109c7fdd21b0a7da0857b3b9b6a7c5406

    • CryptBot

      A C++ stealer that is widely distributed bundled with other software.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks