General

  • Target

    057361b58f11dba5a58eb6a67014a3fcc06c38e7536dd0c485ca4f31cdfc9fa7

  • Size

    423KB

  • Sample

    220527-wf5h9sfah9

  • MD5

    775eabfec7f30fbfc1b0a5387a3adc75

  • SHA1

    0f273b7c9d4a4dfb9d3beb01cee2ea8ed11ef5f9

  • SHA256

    057361b58f11dba5a58eb6a67014a3fcc06c38e7536dd0c485ca4f31cdfc9fa7

  • SHA512

    9c3854bd31cba7c916c6875ca2841c399c673166e89a34f812f1a62af0c4923e076dca5504b01cdb53dbeea9d006c27db3d4d9a86efccf7fa17a88c810ba3db3

Malware Config

Extracted

Family

cryptbot

C2

keludt32.top

morvim03.top

Attributes
  • payload_url

    http://butlou15.top/download.php?file=tubful.exe
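
The extracted configuration above is the most durable output of this report: the two C2 domains and the payload URL can be turned straight into a retro-hunt over DNS and proxy logs. The following is an added example (not part of the sandbox report) that does exactly that. The indicators are copied from the Malware Config section; the key=value log format and the log lines are constructed for illustration and are not real telemetry.

```python
"""IOC sweep for the CryptBot configuration extracted above.

Added example, not part of the sandbox report. The indicators (two C2
domains and the payload URL) come from the report's Malware Config
section; the key=value log format and the log lines below are constructed
for illustration and were not captured from a real network.
"""
import re
from urllib.parse import urlparse

# Indicators from the report's Malware Config section.
C2_DOMAINS = {"keludt32.top", "morvim03.top"}
PAYLOAD_URL = "http://butlou15.top/download.php?file=tubful.exe"

# Constructed DNS and proxy log lines (key=value fields), not real telemetry.
SAMPLE_LOGS = [
    "2022-05-27T10:01:02Z client=10.0.0.5 query=butlou15.top type=A",
    "2022-05-27T10:01:03Z client=10.0.0.5 method=GET url=http://butlou15.top/download.php?file=tubful.exe status=200",
    "2022-05-27T10:01:09Z client=10.0.0.5 query=keludt32.top type=A",
    "2022-05-27T10:01:10Z client=10.0.0.5 method=POST url=http://morvim03.top/ status=200",
    "2022-05-27T10:01:11Z client=10.0.0.7 query=example.com type=A",
    "2022-05-27T10:01:12Z client=10.0.0.7 method=GET url=https://example.com/ status=200",
    # Shares a suffix with a C2 domain but is a different registrable name.
    "2022-05-27T10:01:13Z client=10.0.0.9 query=notkeludt32.top type=A",
]

KV_FIELD = re.compile(r"(\w+)=(\S+)")


def domain_indicators():
    """C2 domains plus the payload-hosting domain; all three are worth blocking."""
    return C2_DOMAINS | {urlparse(PAYLOAD_URL).hostname}


def domain_matches(hostname, indicators):
    """True for an exact match or a subdomain (cdn.keludt32.top), never for a
    bare suffix collision such as notkeludt32.top."""
    host = (hostname or "").lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in indicators)


def parse_kv(line):
    """Turn 'client=10.0.0.5 query=x type=A' into a dict; the timestamp is ignored."""
    return dict(KV_FIELD.findall(line))


def sweep(lines):
    """Return (client, kind, indicator) for every log line that touches an IOC."""
    iocs = domain_indicators()
    hits = []
    for line in lines:
        rec = parse_kv(line)
        client = rec.get("client", "?")
        if "query" in rec and domain_matches(rec["query"], iocs):
            hits.append((client, "dns", rec["query"].lower().rstrip(".")))
        elif "url" in rec:
            host = urlparse(rec["url"]).hostname
            if rec["url"] == PAYLOAD_URL:
                hits.append((client, "payload_download", rec["url"]))
            elif domain_matches(host, iocs):
                hits.append((client, "http", host.lower()))
    return hits


if __name__ == "__main__":
    for client, kind, indicator in sweep(SAMPLE_LOGS):
        print(f"{client}\t{kind}\t{indicator}")
```

Two points worth keeping in mind when reusing this: the payload host is included alongside the C2 domains because a hit on the download URL identifies the initial infection, not just the later beaconing; and the subdomain check requires the leading dot so that unrelated names ending in the same string do not produce false positives. Stealer C2 domains rotate quickly, so the domains are useful for a retro-hunt around the sample date but should not be the only detection relied on.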

Targets

    • Target

      057361b58f11dba5a58eb6a67014a3fcc06c38e7536dd0c485ca4f31cdfc9fa7

    • Size

      423KB

    • MD5

      775eabfec7f30fbfc1b0a5387a3adc75

    • SHA1

      0f273b7c9d4a4dfb9d3beb01cee2ea8ed11ef5f9

    • SHA256

      057361b58f11dba5a58eb6a67014a3fcc06c38e7536dd0c485ca4f31cdfc9fa7

    • SHA512

      9c3854bd31cba7c916c6875ca2841c399c673166e89a34f812f1a62af0c4923e076dca5504b01cdb53dbeea9d006c27db3d4d9a86efccf7fa17a88c810ba3db3

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Accesses cryptocurrency wallet files; possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system.
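
The four behaviours listed above are sandbox signatures, each derived from the file, registry and process activity the sample produced. The following is an added example (not part of the sandbox report and not the sandbox's own rule set) showing how such signatures can be derived from a host activity trace. The event stream and the sample's file name are constructed for illustration; the artefact paths used are the well-known on-disk locations of browser profiles, wallet files and the Uninstall key, not something the report states about this specific sample.

```python
"""Behavioural signature matching for the Targets section above.

Added example, not part of the sandbox report. It derives the four listed
behaviours (self-deletion, browser profile access, wallet access, installed-
software enumeration) from a constructed host activity trace. The event list
and the file name sample.exe are constructed; the artefact paths are the
well-known locations of those artefacts, not facts the report states.
"""
import re

# Uninstall key under HKLM/HKCU, with or without the WOW6432Node redirect.
UNINSTALL_KEY = re.compile(
    r"^(hklm|hkcu)\\software\\(wow6432node\\)?microsoft\\windows\\currentversion"
    r"\\uninstall\\([^\\]+)"
)
# Chromium profile databases (newer builds keep Cookies under Network\) and
# the Firefox credential/cookie stores.
BROWSER_ARTEFACTS = re.compile(
    r"\\google\\chrome\\user data\\[^\\]+\\(network\\)?(login data|cookies|web data|history)$"
    r"|\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$"
)
# Bitcoin Core, Electrum, Exodus and Ethereum keystore locations.
WALLET_ARTEFACTS = re.compile(
    r"\\wallet\.dat$|\\electrum\\wallets\\|\\exodus\\exodus\.wallet|\\ethereum\\keystore\\"
)

SAMPLE_IMAGE = r"C:\Users\user\AppData\Local\Temp\sample.exe"  # constructed name

# Constructed activity trace for the sample process; not captured telemetry.
SAMPLE_EVENTS = [
    {"op": "RegOpenKey", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"op": "RegQueryValue", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"op": "RegOpenKey", "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"op": "RegOpenKey", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord"},
    {"op": "FileRead", "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "FileRead", "path": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default-release\logins.json"},
    {"op": "FileRead", "path": r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"op": "FileRead", "path": r"C:\Users\user\Documents\notes.txt"},
    {"op": "ProcessCreate", "cmdline": r'cmd.exe /c timeout 3 & del "C:\Users\user\AppData\Local\Temp\sample.exe"'},
]


def norm_path(path):
    """Case-insensitive, backslash-only form so the patterns above apply."""
    return path.replace("/", "\\").lower()


def triage(events, sample_image):
    """Map an activity trace to the four behavioural signatures."""
    image = norm_path(sample_image)
    sigs = {
        "deletes_itself": False,
        "reads_browser_profile_data": False,
        "accesses_crypto_wallets": False,
        "checks_installed_software": False,
    }
    uninstall_entries = set()
    for ev in events:
        op = ev["op"]
        path = norm_path(ev.get("path", ""))
        if op == "FileRead":
            if BROWSER_ARTEFACTS.search(path):
                sigs["reads_browser_profile_data"] = True
            if WALLET_ARTEFACTS.search(path):
                sigs["accesses_crypto_wallets"] = True
        elif op in ("RegOpenKey", "RegQueryValue"):
            m = UNINSTALL_KEY.match(path)
            if m:
                uninstall_entries.add(m.group(3))
        elif op == "FileDelete" and path == image:
            # Direct deletion of its own image.
            sigs["deletes_itself"] = True
        elif op == "ProcessCreate":
            # Deferred deletion through a cmd.exe child that names the image.
            cmd = ev.get("cmdline", "").lower()
            if "cmd.exe" in cmd and " del " in cmd and image in cmd:
                sigs["deletes_itself"] = True
    # A single lookup is normal application behaviour; walking several
    # distinct Uninstall entries is software enumeration.
    sigs["checks_installed_software"] = len(uninstall_entries) >= 3
    return sigs


if __name__ == "__main__":
    for name, hit in triage(SAMPLE_EVENTS, SAMPLE_IMAGE).items():
        print(f"{'HIT ' if hit else '    '} {name}")
```

The threshold on distinct Uninstall entries is the part to tune: legitimate installers and update agents touch one or two entries, so a rule that fires on any access to the key will be noisy, while a stealer building a software inventory walks the whole list. The self-deletion rule covers the two common shapes (the process deleting its own file, or spawning cmd.exe to do it after a delay); a sandbox would also typically confirm that the image is gone once the process has exited.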
