cryptbot | f90eb82d70118fb18f44f8ecb33682baf047ef857210c57a7016b8794e2a94cd

General

Target

59181336c7ed4b4152b83793f7ea9eae.exe
Size

735KB
MD5

59181336c7ed4b4152b83793f7ea9eae
SHA1

5d91e0530c6ca8fbb7a35bed48c9865a599d1838
SHA256

f90eb82d70118fb18f44f8ecb33682baf047ef857210c57a7016b8794e2a94cd
SHA512

a8c32e5d520698b8519310393501ed9bceb4ecb5cd4bec8d0aa2743cc425cbcb52d62730d46906c4c79294a9b4ef5ec64872fd95fdb24f5eb313f89ce0bac585

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

C2

bridmz52.top

Signatures

CryptBot
A C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

59181336c7ed4b4152b83793f7ea9eae.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	59181336c7ed4b4152b83793f7ea9eae.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	59181336c7ed4b4152b83793f7ea9eae.exe

C:\Users\Admin\AppData\Local\Temp\59181336c7ed4b4152b83793f7ea9eae.exe
"C:\Users\Admin\AppData\Local\Temp\59181336c7ed4b4152b83793f7ea9eae.exe"
1⤵
- Checks processor information in registry
PID:388

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/388-130-0x0000000002710000-0x0000000002770000-memory.dmp

Filesize
384KB

Download
memory/388-131-0x0000000003860000-0x0000000003861000-memory.dmp

Filesize
4KB

Download
memory/388-132-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/388-133-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/388-134-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/388-135-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/388-136-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/388-137-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/388-138-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/388-139-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/388-140-0x00000000037C0000-0x00000000037C1000-memory.dmp

Filesize
4KB

Download
memory/388-141-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/388-142-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/388-143-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/388-144-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/388-145-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/388-147-0x00000000038B0000-0x00000000038F7000-memory.dmp

Filesize
284KB

Download
memory/388-148-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/388-151-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/388-153-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/388-155-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/388-146-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/388-158-0x0000000003810000-0x0000000003811000-memory.dmp

Filesize
4KB

Download
memory/388-157-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/388-159-0x00000000038B1000-0x00000000038E5000-memory.dmp

Filesize
208KB

Download
memory/388-160-0x0000000003800000-0x0000000003801000-memory.dmp

Filesize
4KB

Download
memory/388-161-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/388-162-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/388-163-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/388-164-0x0000000003860000-0x0000000003861000-memory.dmp

Filesize
4KB

Download
memory/388-165-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/388-166-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/388-167-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/388-168-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/388-169-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/388-170-0x0000000002B80000-0x0000000002B81000-memory.dmp

Filesize
4KB

Download
memory/388-171-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/388-172-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/388-173-0x0000000003830000-0x0000000003831000-memory.dmp

Filesize
4KB

Download
memory/388-174-0x0000000003820000-0x0000000003821000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing