General
-
Target
0e6e34f28200523d1556fb9056a35d70278fe51a85b5cabda795a22e2b4353d8
-
Size
1.5MB
-
Sample
220604-xmjqtafgfp
-
MD5
d707549526b4283ba1fefbb16f43e27c
-
SHA1
d4d56da8dc80bed6a63ba6ab088a8699f88a721c
-
SHA256
0e6e34f28200523d1556fb9056a35d70278fe51a85b5cabda795a22e2b4353d8
-
SHA512
6fb0bc4fe381034c7288ec1428ffa706e3fbf08898a5a75fb0cbe80d00cd64b5d944db81b139149ae96b2043649315cb4705f250bbc4593df33cdb792306a1ea
Static task
static1
Behavioral task
behavioral1
Sample
0e6e34f28200523d1556fb9056a35d70278fe51a85b5cabda795a22e2b4353d8.exe
Resource
win7-20220414-en
Malware Config
Extracted
cryptbot
afrodeep22.top
moraaaasq12.top
-
payload_url
http://weloadhh03.top/download.php?file=lv.exe
Targets
-
Target
0e6e34f28200523d1556fb9056a35d70278fe51a85b5cabda795a22e2b4353d8
-
CryptBot Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-