General
Target
f35b0a6b030d1460f937b85b31d94b5d3e41074acd320732b24f036d7341749e
Size
666KB
Sample
220215-mjr8nsfcar
MD5
4456849011f34301588126a6211dd6d9
SHA1
630529ae8e9e4b687cf5c4359b155bae9ff2776c
SHA256
f35b0a6b030d1460f937b85b31d94b5d3e41074acd320732b24f036d7341749e
SHA512
378407bd41b86b46b9d5aca8a466d069cdc913830dc7b589a075896b5904e5de5b93d9d15a2741f580e86efb3e8ebd186913e1093818640c8216c11043cf85d5
Static task
static1
Behavioral task
behavioral1
Sample
f35b0a6b030d1460f937b85b31d94b5d3e41074acd320732b24f036d7341749e.exe
Resource
win7-en-20211208
Malware Config
Extracted
cryptbot
leribis05.top
moraffdd04.top
payload_url
http://fsdvddrttload01.top/download.php?file=lm.exe
Targets
Target
f35b0a6b030d1460f937b85b31d94b5d3e41074acd320732b24f036d7341749e
CryptBot Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.