General

  • Target

    7b0b036f718a332c7fe603cb6f941f574c571386eff7bd1cb96537703fcacc87

  • Size

    1.5MB

  • Sample

    220215-n79nasfhdl

  • MD5

    36c4263712e4a103adf5edc6c93449ab

  • SHA1

    3ac0dd61549de4a4373e7190d8d2dc9c919aabd9

  • SHA256

    7b0b036f718a332c7fe603cb6f941f574c571386eff7bd1cb96537703fcacc87

  • SHA512

    9f5974c69062c04e5c68a7bc2d733ec336a152445479bd4900309e641b84f4a21ba9881f80c786c574d25f6f8e86acaf89e8012f69ab5371b382fa91a6c77e7e

Malware Config

Extracted

  • Family

    cryptbot

  • C2

    leksey42.top

    morsyl04.top

  • Attributes

    • payload_url

      http://xetpuy16.top/download.php?file=basque.exe

Targets

    • Target

      7b0b036f718a332c7fe603cb6f941f574c571386eff7bd1cb96537703fcacc87

    • CryptBot

      A C++ stealer widely distributed in bundles with other software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself
