General

  • Target

    0369c702f727e52c53161518048c5b1c2e85fd20562f54fca6a782e29424e133

  • Size

    1.8MB

  • Sample

    220528-av7raaeedq

  • MD5

    638983588b31575a8b27afcc5cfc18d2

  • SHA1

    10a28ef3350cb9b469ed02029663be595294572a

  • SHA256

    0369c702f727e52c53161518048c5b1c2e85fd20562f54fca6a782e29424e133

  • SHA512

    3be67bb70eb2e9f06b383544ae5f0a570f4cb134f72eeaa206952ea4e4fc34447266f384661445f90d2965464cb695b1f7eac08201b95490fa4b3ab6c1178274

Malware Config

Extracted

Family

cryptbot

C2

cinvvv14.top

morsxd01.top

Attributes
  • payload_url

    http://binsas01.top/download.php?file=lv.exe

Targets

    • Target

      0369c702f727e52c53161518048c5b1c2e85fd20562f54fca6a782e29424e133

    • Size

      1.8MB

    • MD5

      638983588b31575a8b27afcc5cfc18d2

    • SHA1

      10a28ef3350cb9b469ed02029663be595294572a

    • SHA256

      0369c702f727e52c53161518048c5b1c2e85fd20562f54fca6a782e29424e133

    • SHA512

      3be67bb70eb2e9f06b383544ae5f0a570f4cb134f72eeaa206952ea4e4fc34447266f384661445f90d2965464cb695b1f7eac08201b95490fa4b3ab6c1178274

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks