General
Target: 9b227e19b2b0fef781156d037d4ae6d2e191caaafcb7289ad8cdad283749c3e1
Size: 1.9MB
Sample: 220215-jmzv5scdf7
MD5: a4dbaff7f458195a73083037c104a602
SHA1: 6389cb9da054558a96ba0bc8e48660395115f815
SHA256: 9b227e19b2b0fef781156d037d4ae6d2e191caaafcb7289ad8cdad283749c3e1
SHA512: 6e83e2c3c8bd2c60bedd67974f031246e3461ed443380aef48aff19a1e849cb5f79dd7c8a707f6372ceb151ad8d547f109c7fdd21b0a7da0857b3b9b6a7c5406
Static task: static1
Behavioral task: behavioral1
Sample: 9b227e19b2b0fef781156d037d4ae6d2e191caaafcb7289ad8cdad283749c3e1.exe
Resource: win7-en-20211208
Malware Config
Extracted
cryptbot
tisotn13.top
morkew01.top
payload_url: http://danmia01.top/download.php?file=vamped.exe
Targets
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.