General

  • Target

    11a3affd46630ac120940433c6457947969868c68ec28c0fa78bd87285f06718

  • Size

    1.0MB

  • Sample

    220215-syqlaagea8

  • MD5

    2b9081a40e6fd3e902d425860f9fd4c9

  • SHA1

    b2a4e99fe1b591a2a0b0fd239ef680e894949559

  • SHA256

    11a3affd46630ac120940433c6457947969868c68ec28c0fa78bd87285f06718

  • SHA512

    4bee41bb2911230ce2b80c028da1245755db74e4419b8c734ac52647c5315c5ebe0ccbaa17435de3370fe3006973bce99dd40769a99950164fc0ba9d9db5da66

Malware Config

Extracted

Family

cryptbot

C2

bazslx45.top

moryby04.top

Attributes

  • payload_url

    http://fumhac05.top/download.php?file=fagald.exe

Targets

    • CryptBot

      A C++ information stealer that is widely distributed bundled with other software.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks