General

  • Target

    145e5d1c4527dc88324a45495d6297f916f6f222f60fd01e5b741854dacfca47

  • Size

    1.8MB

  • Sample

    220603-bjmseagghq

  • MD5

    af613337c4fc936548611a61a7557d89

  • SHA1

    be5b7f8acd517220ff747d88cc76d281d169e66c

  • SHA256

    145e5d1c4527dc88324a45495d6297f916f6f222f60fd01e5b741854dacfca47

  • SHA512

    171b3a9635f188d19d4d0edd5a70c7f34f3ce143a255eaff7a8878caef6509bac81be9287cafa1ac3c2c916e2d266697d46119b06a1385cffd1ceb6ba87635d5

Malware Config

Extracted

Family

cryptbot

C2

bombjc17.top

mordfx01.top

Attributes
  • payload_url

    http://fermec01.top/download.php?file=lv.exe

Targets

    • Target

      145e5d1c4527dc88324a45495d6297f916f6f222f60fd01e5b741854dacfca47

    • Size

      1.8MB

    • MD5

      af613337c4fc936548611a61a7557d89

    • SHA1

      be5b7f8acd517220ff747d88cc76d281d169e66c

    • SHA256

      145e5d1c4527dc88324a45495d6297f916f6f222f60fd01e5b741854dacfca47

    • SHA512

      171b3a9635f188d19d4d0edd5a70c7f34f3ce143a255eaff7a8878caef6509bac81be9287cafa1ac3c2c916e2d266697d46119b06a1385cffd1ceb6ba87635d5

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks