General
-
Target
057361b58f11dba5a58eb6a67014a3fcc06c38e7536dd0c485ca4f31cdfc9fa7
-
Size
423KB
-
Sample
220527-wf5h9sfah9
-
MD5
775eabfec7f30fbfc1b0a5387a3adc75
-
SHA1
0f273b7c9d4a4dfb9d3beb01cee2ea8ed11ef5f9
-
SHA256
057361b58f11dba5a58eb6a67014a3fcc06c38e7536dd0c485ca4f31cdfc9fa7
-
SHA512
9c3854bd31cba7c916c6875ca2841c399c673166e89a34f812f1a62af0c4923e076dca5504b01cdb53dbeea9d006c27db3d4d9a86efccf7fa17a88c810ba3db3
Static task
static1
Behavioral task
behavioral1
Sample
057361b58f11dba5a58eb6a67014a3fcc06c38e7536dd0c485ca4f31cdfc9fa7.exe
Resource
win7-20220414-en
Malware Config
Extracted
cryptbot
keludt32.top
morvim03.top
-
payload_url
http://butlou15.top/download.php?file=tubful.exe
Targets
-
-
Target
057361b58f11dba5a58eb6a67014a3fcc06c38e7536dd0c485ca4f31cdfc9fa7
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-