General
Target: 1b24b813b81daa68d954a2ae89d9ad495ff14e9ff1cc5bc0e6a1c265f7059028
Size: 1.6MB
Sample: 220607-yc3avaegel
MD5: de0a67addb6c8fab19e29fdcd949725c
SHA1: 2829056cdc8f189eaa8559bca8f2f8aa6277dc05
SHA256: 1b24b813b81daa68d954a2ae89d9ad495ff14e9ff1cc5bc0e6a1c265f7059028
SHA512: 5b7232e2173d8b7ecaba546f98fd0ec107565a8f110e195efa4fdd5ac8399130136d1185021c1bdf30fe32d4a0226052c7313d59db3cfd6f2792a06541541e52
Static task: static1
Behavioral task: behavioral1
Sample: 1b24b813b81daa68d954a2ae89d9ad495ff14e9ff1cc5bc0e6a1c265f7059028.exe
Resource (analysis VM image): win7-20220414-en
Malware Config
Extracted family: cryptbot
C2: sogjge55.top, moratr05.top
payload_url: http://douydw07.top/download.php?file=lv.exe
Treat the two C2 domains and the payload host (douydw07.top) as network indicators; lv.exe is the file name the config requests from the payload host. The "Executes dropped EXE" and "Loads dropped DLL" behaviors reported for this run are consistent with a follow-on stage being fetched and run, although the report does not itself confirm that the download succeeded.
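The extracted config is most useful once it is turned into something that can be matched against traffic. The following Python is an added example (not part of the sandbox report, and not the sandbox vendor's code): it derives host and path indicators from the C2 domains and payload_url above and sweeps a constructed proxy log with them. The log format (a space-separated `<ts> <src_ip> <dst_host> <url|-> <status>` line) and every log line are assumptions made for the demo; only the domains and URL come from the report.

```python
"""Turn the extracted CryptBot config into network indicators and scan logs.

Added example, not part of the sandbox report. The only real values are the
two C2 domains and payload_url from the extracted config above; the log
lines are constructed for the demo, and the log format (a space-separated
'<ts> <src_ip> <dst_host> <url|-> <status>' line) is an assumption.
"""
from urllib.parse import urlsplit

# Values copied from the extracted config on this page.
EXTRACTED_CONFIG = {
    "family": "cryptbot",
    "c2": ["sogjge55.top", "moratr05.top"],
    "payload_url": "http://douydw07.top/download.php?file=lv.exe",
}


def indicators_from_config(cfg):
    """Derive matchable indicators: hosts (C2 + payload host) and the
    payload path+query, kept separately so a re-hosted payload still hits."""
    hosts = {h.lower() for h in cfg["c2"]}
    parts = urlsplit(cfg["payload_url"])
    hosts.add(parts.hostname.lower())
    path = parts.path + ("?" + parts.query if parts.query else "")
    return {"hosts": hosts, "paths": {path}}


def host_matches(host, hosts):
    """True for an exact indicator host or any subdomain of one
    (but not for a longer name that merely ends in the same letters)."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in hosts)


def scan_log(lines, ioc):
    """Return (line_number, reason) for every log line that hits an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than abort the sweep
        dst_host, url = fields[2], fields[3]
        if host_matches(dst_host, ioc["hosts"]):
            hits.append((n, f"contact with C2/payload host {dst_host}"))
            continue
        if url != "-":
            u = urlsplit(url)
            path = u.path + ("?" + u.query if u.query else "")
            if path in ioc["paths"]:
                hits.append((n, f"payload download path on {u.hostname}"))
    return hits


# Constructed proxy log for the demo (not taken from the report).
SAMPLE_LOG = [
    "2022-06-07T10:01:02Z 10.0.0.12 www.example.com http://www.example.com/ 200",
    "2022-06-07T10:01:09Z 10.0.0.12 sogjge55.top http://sogjge55.top/ 200",
    "2022-06-07T10:01:10Z 10.0.0.12 cdn.moratr05.top - 0",
    "2022-06-07T10:01:15Z 10.0.0.12 mirror.example.net "
    "http://mirror.example.net/download.php?file=lv.exe 200",
    "2022-06-07T10:01:20Z 10.0.0.12 notmoratr05.top - 0",
]

if __name__ == "__main__":
    ioc = indicators_from_config(EXTRACTED_CONFIG)
    for n, why in scan_log(SAMPLE_LOG, ioc):
        print(f"line {n}: {why}")
```

The host match is strict (exact host or a subdomain of it), so `notmoratr05.top` does not fire. The path indicator is deliberately looser: any site serving `download.php?file=lv.exe` will hit it, which catches a re-hosted payload but also invites false positives, so weight it lower than a C2 host hit when triaging.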
Targets
Target: 1b24b813b81daa68d954a2ae89d9ad495ff14e9ff1cc5bc0e6a1c265f7059028 (1.6MB; single target, MD5/SHA1/SHA256/SHA512 as listed under General)
Signatures
- CryptBot payload
- Executes dropped EXE
- Checks computer location settings: reads the country code configured in the registry, most likely as a geofence (behavior gated on the victim machine's configured locale).
- Loads dropped DLL
- Accesses cryptocurrency files/wallets: reads wallet files, consistent with credential and wallet harvesting by the stealer.
- Checks installed software on the system: enumerates entries under the registry Uninstall key to list the software installed on the host.
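The signature names above are what a sandbox reports; on a live host the same behaviors have to be recovered from telemetry. As an added example (not part of the report and not the vendor's detection engine), the following Python evaluates those five signatures over a stream of Sysmon-style host events. The event shape (dicts with `event`, `image`, `target`), the registry locations assumed to back the "country code" and "Uninstall key" descriptions, the wallet file locations, the drop directories, and the enumeration threshold are all assumptions chosen to illustrate the signatures; the events themselves are constructed.

```python
"""Evaluate the behavioral signatures listed in this report over host events.

Added example, not part of the sandbox report or its vendor's engine. Event
shape (dicts with 'event', 'image', 'target', loosely modelled on Sysmon),
the registry locations, the wallet paths and the drop directories are all
assumptions chosen to illustrate the signatures; the events are constructed.
"""
import re
from collections import defaultdict

# Assumed registry locations behind "country code" and "Uninstall key".
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation"
UNINSTALL_KEY = re.compile(
    r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    re.IGNORECASE,
)
# Representative wallet locations (assumed; extend for your environment).
WALLET_PATH = re.compile(
    r"\\(Electrum\\wallets|Exodus\\exodus\.wallet|Ethereum\\keystore|Bitcoin\\wallet\.dat)",
    re.IGNORECASE,
)
# Directories a dropper typically writes to (assumed).
DROP_DIR = re.compile(r"\\(AppData\\Local\\Temp|ProgramData)\\", re.IGNORECASE)

# Reading one or two Uninstall subkeys is normal; a sweep is enumeration.
UNINSTALL_ENUM_THRESHOLD = 3


def signatures_for(events):
    """Return {image: set of signature names} for the given event stream."""
    sigs = defaultdict(set)
    uninstall_reads = defaultdict(set)
    dropped = set()  # paths written into drop directories by any process
    for ev in events:
        kind, image, target = ev["event"], ev["image"], ev["target"]
        if kind == "FileCreate" and DROP_DIR.search(target):
            dropped.add(target.lower())
        elif kind == "RegistryRead":
            if target.lower() == GEO_KEY.lower():
                sigs[image].add("Checks computer location settings")
            elif UNINSTALL_KEY.search(target):
                uninstall_reads[image].add(target.lower())
        elif kind == "FileRead" and WALLET_PATH.search(target):
            sigs[image].add("Accesses cryptocurrency files/wallets")
        elif kind == "ProcessCreate" and target.lower() in dropped:
            sigs[image].add("Executes dropped EXE")
        elif kind == "ImageLoad" and target.lower() in dropped:
            sigs[image].add("Loads dropped DLL")
    for image, keys in uninstall_reads.items():
        if len(keys) >= UNINSTALL_ENUM_THRESHOLD:
            sigs[image].add("Checks installed software on the system")
    return dict(sigs)


def flagged(sigs, threshold=3):
    """Images that tripped at least `threshold` distinct signatures."""
    return sorted(img for img, s in sigs.items() if len(s) >= threshold)


SAMPLE = r"C:\Users\victim\Desktop\sample.exe"
UNINST = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
# Constructed events (not from the report); file and key names are illustrative.
SAMPLE_EVENTS = [
    {"event": "RegistryRead", "image": SAMPLE, "target": GEO_KEY},
    {"event": "RegistryRead", "image": SAMPLE, "target": UNINST + r"\AppA"},
    {"event": "RegistryRead", "image": SAMPLE, "target": UNINST + r"\AppB"},
    {"event": "RegistryRead", "image": SAMPLE, "target": UNINST + r"\AppC"},
    {"event": "FileRead", "image": SAMPLE,
     "target": r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"event": "FileCreate", "image": SAMPLE,
     "target": r"C:\Users\victim\AppData\Local\Temp\lv.exe"},
    {"event": "ProcessCreate", "image": SAMPLE,
     "target": r"C:\Users\victim\AppData\Local\Temp\lv.exe"},
    {"event": "FileCreate", "image": SAMPLE, "target": r"C:\ProgramData\helper.dll"},
    {"event": "ImageLoad", "image": SAMPLE, "target": r"C:\ProgramData\helper.dll"},
    # Benign noise: an installer touching a single Uninstall entry.
    {"event": "RegistryRead", "image": r"C:\Windows\System32\msiexec.exe",
     "target": UNINST + r"\AppA"},
]

if __name__ == "__main__":
    result = signatures_for(SAMPLE_EVENTS)
    for image, names in result.items():
        print(image, sorted(names))
    print("flagged:", flagged(result))
```

Each signature on its own is weak (installers read Uninstall keys, wallet software reads wallet files), which is why the example keys on the combination: a single process that geofences, inventories software, touches wallet files and runs something it just dropped is the stealer profile this report describes, while msiexec reading one Uninstall entry never reaches the threshold.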