General
Target: 02c9ff836b50937d98fbd5d0dd0c67393554af5f43cf7b3f908f7be57230fe75
Size: 1.8MB
Sample: 220528-c8swdsdhc8
MD5: 3ab71f5cbfac7d5c8eeed07ce6e08c82
SHA1: 504efc05b11d2daf8ff364ab524614407f08de11
SHA256: 02c9ff836b50937d98fbd5d0dd0c67393554af5f43cf7b3f908f7be57230fe75
SHA512: 87227fbd97fff57c677fcbf1b5bb836e73c0b4d65162c69f9fcf3e3cab8aeab2f8abbaba2a4df232cdeafc965936b52e9c37ba5ae5f69bc3967d49e4d05ac40f
Static task: static1
Behavioral task: behavioral1
  Sample: 02c9ff836b50937d98fbd5d0dd0c67393554af5f43cf7b3f908f7be57230fe75.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 02c9ff836b50937d98fbd5d0dd0c67393554af5f43cf7b3f908f7be57230fe75.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Family: cryptbot
  C2 domains: kaaaqttob24.top, morcyjhlr04.top
  payload_url: http://vrsypcmlg13.top/download.php?file=lv.exe
Targets
Target: 02c9ff836b50937d98fbd5d0dd0c67393554af5f43cf7b3f908f7be57230fe75
Size: 1.8MB
MD5: 3ab71f5cbfac7d5c8eeed07ce6e08c82
SHA1: 504efc05b11d2daf8ff364ab524614407f08de11
SHA256: 02c9ff836b50937d98fbd5d0dd0c67393554af5f43cf7b3f908f7be57230fe75
SHA512: 87227fbd97fff57c677fcbf1b5bb836e73c0b4d65162c69f9fcf3e3cab8aeab2f8abbaba2a4df232cdeafc965936b52e9c37ba5ae5f69bc3967d49e4d05ac40f
Score: 10/10
Signatures:
  CryptBot Payload
  Executes dropped EXE
  Loads dropped DLL
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Adds Run key to start application
  Suspicious use of SetThreadContext