General
Target: 145e5d1c4527dc88324a45495d6297f916f6f222f60fd01e5b741854dacfca47
Size: 1.8MB
Sample: 220603-bjmseagghq
MD5: af613337c4fc936548611a61a7557d89
SHA1: be5b7f8acd517220ff747d88cc76d281d169e66c
SHA256: 145e5d1c4527dc88324a45495d6297f916f6f222f60fd01e5b741854dacfca47
SHA512: 171b3a9635f188d19d4d0edd5a70c7f34f3ce143a255eaff7a8878caef6509bac81be9287cafa1ac3c2c916e2d266697d46119b06a1385cffd1ceb6ba87635d5

Static task: static1
Behavioral task: behavioral1
Sample: 145e5d1c4527dc88324a45495d6297f916f6f222f60fd01e5b741854dacfca47.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: cryptbot
C2: bombjc17.top, mordfx01.top
payload_url: http://fermec01.top/download.php?file=lv.exe
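The extracted config gives three network indicators: two C2 hosts and the URL the bot fetches its next-stage payload (lv.exe) from. The script below is an added example, not part of the sandbox report, showing how a responder would turn those values into a matcher and run it over DNS and proxy logs. The log format and the log lines themselves are constructed for the example; the matcher treats any subdomain of a C2 host as a hit, rejects look-alike names that merely end in the same string, and compares the payload URL by scheme, host, path and query so that the same path on an unrelated host does not fire.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the extracted CryptBot config above.
C2_DOMAINS = {"bombjc17.top", "mordfx01.top"}
PAYLOAD_URL = "http://fermec01.top/download.php?file=lv.exe"
PAYLOAD_HOST = urlparse(PAYLOAD_URL).hostname

# Constructed log lines for the example (not from the sandbox run). Two record
# shapes: "<ts> DNS <client> query=<qname>" and "<ts> HTTP <client> <method> <url>".
SAMPLE_LOG = """\
2022-06-03T10:01:02Z DNS 10.0.0.15 query=bombjc17.top
2022-06-03T10:01:03Z DNS 10.0.0.15 query=www.google.com
2022-06-03T10:01:05Z DNS 10.0.0.15 query=cdn.mordfx01.top
2022-06-03T10:01:07Z HTTP 10.0.0.15 GET http://fermec01.top/download.php?file=lv.exe
2022-06-03T10:01:09Z HTTP 10.0.0.22 GET http://example.com/download.php?file=lv.exe
2022-06-03T10:01:11Z DNS 10.0.0.22 query=notbombjc17.top
2022-06-03T10:01:13Z HTTP 10.0.0.15 POST http://bombjc17.top/index.php
"""

DNS_RE = re.compile(r"^(?P<ts>\S+) DNS (?P<client>\S+) query=(?P<qname>\S+)")
PROXY_RE = re.compile(r"^(?P<ts>\S+) HTTP (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


def ioc_domains():
    """C2 hosts plus the payload host, lower-cased for comparison."""
    return {d.lower() for d in C2_DOMAINS} | {PAYLOAD_HOST.lower()}


def host_matches(host, ioc):
    """True for the IOC itself or any subdomain of it; 'notbombjc17.top' is not a hit."""
    host = host.lower().rstrip(".")  # strip a trailing dot from DNS qnames
    return host == ioc or host.endswith("." + ioc)


def match_domain(host):
    """Return the matching IOC domain, or None."""
    for ioc in ioc_domains():
        if host_matches(host, ioc):
            return ioc
    return None


def is_payload_url(url):
    """Compare scheme, host (case-insensitive), path and query against the config URL."""
    a, b = urlparse(url), urlparse(PAYLOAD_URL)
    return (a.scheme.lower(), (a.hostname or "").lower(), a.path, a.query) == \
           (b.scheme.lower(), (b.hostname or "").lower(), b.path, b.query)


def _hit(m, kind, ioc, observed):
    return {"ts": m["ts"], "client": m["client"], "type": kind,
            "ioc": ioc, "observed": observed}


def scan_line(line):
    """Return a hit dict for a DNS or proxy line that touches an indicator, else None."""
    m = DNS_RE.match(line)
    if m:
        ioc = match_domain(m["qname"])
        return _hit(m, "dns", ioc, m["qname"]) if ioc else None
    m = PROXY_RE.match(line)
    if m:
        url = m["url"]
        if is_payload_url(url):
            return _hit(m, "payload_url", PAYLOAD_HOST, url)
        ioc = match_domain(urlparse(url).hostname or "")
        return _hit(m, "http", ioc, url) if ioc else None
    return None


def scan_log(text):
    """Scan every line of a log blob; returns the list of hits in log order."""
    return [h for h in (scan_line(l) for l in text.splitlines()) if h]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} {hit['type']:>11} {hit['ioc']} <- {hit['observed']}")
```

On the constructed log this yields four hits: the direct C2 lookup, the subdomain lookup of the second C2, the payload download, and the POST to the C2 host; the look-alike name and the same path on example.com are ignored.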
Targets
Target: 145e5d1c4527dc88324a45495d6297f916f6f222f60fd01e5b741854dacfca47
Size: 1.8MB
MD5: af613337c4fc936548611a61a7557d89
SHA1: be5b7f8acd517220ff747d88cc76d281d169e66c
SHA256: 145e5d1c4527dc88324a45495d6297f916f6f222f60fd01e5b741854dacfca47
SHA512: 171b3a9635f188d19d4d0edd5a70c7f34f3ce143a255eaff7a8878caef6509bac81be9287cafa1ac3c2c916e2d266697d46119b06a1385cffd1ceb6ba87635d5
Signatures
CryptBot Payload
Executes dropped EXE
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets: possible credential harvesting.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
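The behavioural signatures above each reduce to a registry or file-system access pattern that can be re-derived from a process trace. The script below is an added example, not the sandbox's own detection code, that runs such rules over a constructed process-monitor style trace (op,pid,image,path per line). The registry paths it keys on are assumptions about what the signatures match: the country code is assumed to be read from HKCU\Control Panel\International\Geo\Nation, software enumeration from the CurrentVersion\Uninstall key (including the WOW6432Node copy), and the wallet list is a short illustrative set, not the sandbox's full list. Two design points a practitioner wants: "executes dropped EXE" and "loads dropped DLL" are stateful (the image must have been written by the same process earlier in the trace), and a single Uninstall subkey read is not flagged, because installers do that legitimately; only enumeration of the key itself or touching several subkeys counts.

```python
import re
from collections import defaultdict

# Constructed trace for the example (not from the sandbox run): op,pid,image,path
TRACE = r"""RegQueryValue,1234,sample.exe,HKCU\Control Panel\International\Geo\Nation
RegEnumKey,1234,sample.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegOpenKey,1234,sample.exe,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
WriteFile,1234,sample.exe,C:\Users\user\AppData\Local\Temp\lv.exe
WriteFile,1234,sample.exe,C:\Users\user\AppData\Local\Temp\helper.dll
CreateProcess,1234,sample.exe,C:\Users\user\AppData\Local\Temp\lv.exe
LoadImage,1234,sample.exe,C:\Users\user\AppData\Local\Temp\helper.dll
ReadFile,1234,sample.exe,C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet
ReadFile,1234,sample.exe,C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco
RegQueryValue,5678,setup.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
LoadImage,5678,setup.exe,C:\Windows\System32\kernel32.dll
ReadFile,9012,explorer.exe,C:\Users\user\Desktop\notes.txt
"""

# Assumed key/value behind "Checks computer location settings".
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Uninstall key, native or WOW6432Node; group 1 is the separator (or end of key).
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Illustrative wallet locations only (assumption; the sandbox's list is longer).
WALLET_RE = re.compile(
    r"\\(Electrum\\wallets|Exodus\\exodus\.wallet|Ethereum\\keystore)\\|\\wallet\.dat$", re.I)
UNINSTALL_SUBKEY_THRESHOLD = 3  # distinct subkeys before a per-subkey read pattern is flagged


def analyse(trace):
    """Map each pid to the sorted list of signature names its trace lines trigger."""
    written = defaultdict(set)        # pid -> lower-cased paths that pid wrote
    uninstall_subkeys = defaultdict(set)
    sigs = defaultdict(set)
    for line in trace.splitlines():
        if not line.strip():
            continue
        op, pid, image, path = line.split(",", 3)
        p = path.lower()

        if op == "RegQueryValue" and GEO_NATION_RE.search(path):
            sigs[pid].add("checks_computer_location")

        m = UNINSTALL_RE.search(path) if op.startswith("Reg") else None
        if m:
            subkey = path[m.end():].split("\\")[0].lower()
            if subkey == "" and op in ("RegEnumKey", "RegOpenKey"):
                sigs[pid].add("checks_installed_software")   # enumerating the key itself
            elif subkey:
                uninstall_subkeys[pid].add(subkey)
                if len(uninstall_subkeys[pid]) >= UNINSTALL_SUBKEY_THRESHOLD:
                    sigs[pid].add("checks_installed_software")

        if op == "WriteFile":
            written[pid].add(p)
        elif op == "CreateProcess" and p in written[pid]:
            sigs[pid].add("executes_dropped_exe")
        elif op == "LoadImage" and p in written[pid]:
            sigs[pid].add("loads_dropped_dll")

        if op in ("ReadFile", "CreateFile") and WALLET_RE.search(path):
            sigs[pid].add("accesses_crypto_wallets")

    return {pid: sorted(s) for pid, s in sigs.items()}


if __name__ == "__main__":
    for pid, names in analyse(TRACE).items():
        print(pid, ", ".join(names))
```

On the constructed trace only pid 1234 is flagged, with all five signatures; setup.exe's single DisplayName read and its load of a system DLL it never wrote produce nothing.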