General

  • Target

    f35b0a6b030d1460f937b85b31d94b5d3e41074acd320732b24f036d7341749e

  • Size

    666KB

  • Sample

    220215-mjr8nsfcar

  • MD5

    4456849011f34301588126a6211dd6d9

  • SHA1

    630529ae8e9e4b687cf5c4359b155bae9ff2776c

  • SHA256

    f35b0a6b030d1460f937b85b31d94b5d3e41074acd320732b24f036d7341749e

  • SHA512

    378407bd41b86b46b9d5aca8a466d069cdc913830dc7b589a075896b5904e5de5b93d9d15a2741f580e86efb3e8ebd186913e1093818640c8216c11043cf85d5

Malware Config

Extracted

Family

cryptbot

C2

leribis05.top

moraffdd04.top

Attributes
  • payload_url

    http://fsdvddrttload01.top/download.php?file=lm.exe
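To turn the extracted configuration into something a SOC can act on, here is an added example (not part of the sandbox report and not CryptBot's own code) that loads the C2 domains, payload URL and file hashes listed above as indicators, sanity-checks the digests, and matches them against log lines. The key=value log format and the log lines themselves are constructed for the demo; the indicator values are the ones on this page.

```python
"""Match the IOCs extracted from this CryptBot sample against log lines.

Added example: the IOC values are copied from the report above; the log
lines and their key=value layout are constructed for the demo.
"""
import re
from urllib.parse import urlparse

# Values from the "Extracted" config section of the report.
C2_DOMAINS = {"leribis05.top", "moraffdd04.top"}
PAYLOAD_URL = "http://fsdvddrttload01.top/download.php?file=lm.exe"

# Hashes from the "General" section, keyed by algorithm (all lowercase hex).
SAMPLE_HASHES = {
    "md5": "4456849011f34301588126a6211dd6d9",
    "sha1": "630529ae8e9e4b687cf5c4359b155bae9ff2776c",
    "sha256": "f35b0a6b030d1460f937b85b31d94b5d3e41074acd320732b24f036d7341749e",
    "sha512": "378407bd41b86b46b9d5aca8a466d069cdc913830dc7b589a075896b5904e5de"
              "5b93d9d15a2741f580e86efb3e8ebd186913e1093818640c8216c11043cf85d5",
}

# Expected hex length of each digest; a wrong length means a copy/paste error.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes):
    """Return the algorithms whose digest has the wrong length or charset.
    Run this before pushing hashes into a blocklist: a truncated digest
    silently never matches anything."""
    bad = []
    for algo, digest in hashes.items():
        if len(digest) != HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", digest):
            bad.append(algo)
    return bad


def watch_domains():
    """Hostnames worth alerting on: the C2 domains plus the payload host."""
    return C2_DOMAINS | {urlparse(PAYLOAD_URL).hostname}


def host_matches(host, watched):
    """True if host equals a watched domain or is a subdomain of one.
    Lowercases and strips a trailing dot so DNS-style FQDNs still match,
    and requires a dot boundary so 'notleribis05.top' does not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)


# Constructed log lines: DNS queries, one proxy request, one file-hash event.
LOG_LINES = [
    "ts=2022-02-15T10:01:02Z type=dns qname=www.example.com",
    "ts=2022-02-15T10:01:05Z type=dns qname=leribis05.top",
    "ts=2022-02-15T10:01:06Z type=proxy url=http://fsdvddrttload01.top/download.php?file=lm.exe",
    "ts=2022-02-15T10:01:09Z type=dns qname=cdn.moraffdd04.top.",
    "ts=2022-02-15T10:02:00Z type=dns qname=notleribis05.top",
    "ts=2022-02-15T10:03:00Z type=file sha256=f35b0a6b030d1460f937b85b31d94b5d3e41074acd320732b24f036d7341749e",
]

# key=value tokenizer; a URL value is consumed whole, so '?file=' inside it
# does not become a separate field.
KV = re.compile(r"(\w+)=(\S+)")


def scan(lines, watched=None, hashes=SAMPLE_HASHES):
    """Return (timestamp, kind, indicator) for every line that hits an IOC."""
    watched = watched if watched is not None else watch_domains()
    hits = []
    for line in lines:
        fields = dict(KV.findall(line))
        host = fields.get("qname")
        if "url" in fields:                      # proxy/web log: take the host part
            host = urlparse(fields["url"]).hostname
        if host and host_matches(host, watched):
            hits.append((fields["ts"], "network", host.lower().rstrip(".")))
        for algo, digest in hashes.items():
            if fields.get(algo, "").lower() == digest:
                hits.append((fields["ts"], "hash", algo))
    return hits


if __name__ == "__main__":
    print("hash problems:", validate_hashes(SAMPLE_HASHES))
    for ts, kind, ioc in scan(LOG_LINES):
        print(ts, kind, ioc)
```

The subdomain check matters because stealer infrastructure is often rotated under the same registered domain; the dot-boundary check matters equally, because a plain substring match would flag unrelated names that merely end in the same letters.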

Targets

    • Target

      f35b0a6b030d1460f937b85b31d94b5d3e41074acd320732b24f036d7341749e


    • CryptBot

      A C++ information stealer, widely distributed bundled with other software (commonly cracked or pirated installers).

    • CryptBot Payload

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, session cookies, autofill entries and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the subkeys under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
