General

  • Target

    18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f

  • Size

    1.8MB

  • Sample

    220608-t7mfnafghr

  • MD5

    66cd2efcbad7aa0fec511198e6448e2a

  • SHA1

    6feb9495a3a31a49ca2c7308dc645e21a932b54e

  • SHA256

    18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f

  • SHA512

    0eda0944690d6e66b7686895f01b0797319032030c1444972941c09707617816da8fe6f7a9f23ed960e68bb1e2039801382b3711229cec3a0933a0b45eb036ac

Malware Config

Extracted

Family

cryptbot

C2

jusvtu35.top

morwyc03.top

Attributes
  • payload_url

    http://filrvg04.top/download.php?file=lv.exe
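
The script below is an added hunting example, not part of the sandbox report. It collects the indicators the report extracts (the two C2 domains, the payload host taken from payload_url, and the sample's hashes) and matches them against constructed DNS, proxy and hash-manifest lines. The log formats are assumptions made for the example, not any vendor's format. Domain matching is on whole labels, so a subdomain such as cdn.morwyc03.top hits but evil-jusvtu35.top does not, and proxy entries are matched on host rather than full URL because the ?file= parameter can change between downloads.

```python
"""Hunt for the indicators from the extracted CryptBot config in constructed log lines.

Added example, not part of the sandbox report. The indicators (C2 domains,
payload URL, file hashes) are the ones the report lists; the log lines and the
hash manifest below are constructed for this example, and the log formats are
assumptions, not any vendor's format.
"""
import re
from urllib.parse import urlparse

# Indicators taken from the report's "Malware Config" and "General" sections.
C2_DOMAINS = {"jusvtu35.top", "morwyc03.top"}
PAYLOAD_URL = "http://filrvg04.top/download.php?file=lv.exe"
HASHES = {
    "md5": "66cd2efcbad7aa0fec511198e6448e2a",
    "sha1": "6feb9495a3a31a49ca2c7308dc645e21a932b54e",
    "sha256": "18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f",
}


def indicator_domains():
    """All domains worth blocking: the C2 hosts plus the payload host."""
    return C2_DOMAINS | {urlparse(PAYLOAD_URL).hostname}


def normalise_host(token):
    # Strip a trailing dot (FQDN form) and lower-case; domains are case-insensitive.
    return token.rstrip(".").lower()


def scan_dns_log(lines):
    """Return (line_no, host, indicator) for queries to an indicator domain or a subdomain of one."""
    hits = []
    iocs = indicator_domains()
    for no, line in enumerate(lines, 1):
        # constructed format: "<ts> <client> query <qname>"
        m = re.search(r"\bquery\s+(\S+)", line)
        if not m:
            continue
        host = normalise_host(m.group(1))
        for ioc in iocs:
            # whole-label match: "cdn.morwyc03.top" hits, "evil-jusvtu35.top" does not
            if host == ioc or host.endswith("." + ioc):
                hits.append((no, host, ioc))
    return hits


def scan_proxy_log(lines):
    """Return (line_no, url) for proxy entries whose host is an indicator domain."""
    hits = []
    iocs = indicator_domains()
    for no, line in enumerate(lines, 1):
        # constructed format: "<ts> <client> <method> <url> <status>"
        m = re.search(r"\b(?:GET|POST)\s+(\S+)", line)
        if not m:
            continue
        url = m.group(1)
        host = urlparse(url).hostname
        # match on host, not the full URL: the ?file= parameter is not stable
        if host and normalise_host(host) in iocs:
            hits.append((no, url))
    return hits


def scan_hash_manifest(lines):
    """Return (path, algo) for files whose digest matches any hash of the sample."""
    wanted = {v.lower(): k for k, v in HASHES.items()}
    hits = []
    for line in lines:
        # constructed format: "<hexdigest>  <path>" (two spaces, like sha256sum output)
        digest, _, path = line.partition("  ")
        algo = wanted.get(digest.strip().lower())
        if algo:
            hits.append((path.strip(), algo))
    return hits


# Constructed sample data for a stand-alone run.
DNS_LOG = [
    "2022-06-08T10:01:12Z ws-17 query login.example.com",
    "2022-06-08T10:01:19Z ws-17 query jusvtu35.top.",
    "2022-06-08T10:01:20Z ws-17 query cdn.morwyc03.top",
    "2022-06-08T10:02:03Z ws-22 query updates.example.org",
]
PROXY_LOG = [
    "2022-06-08T10:01:15Z ws-17 GET http://filrvg04.top/download.php?file=lv.exe 200",
    "2022-06-08T10:01:17Z ws-17 GET https://www.example.com/ 200",
    "2022-06-08T10:01:25Z ws-17 POST http://JUSVTU35.top/index.php 200",
]
MANIFEST = [
    "d41d8cd98f00b204e9800998ecf8427e  C:\\Users\\u\\empty.txt",
    "66cd2efcbad7aa0fec511198e6448e2a  C:\\Users\\u\\Downloads\\setup.exe",
    "18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f  C:\\Users\\u\\AppData\\Local\\Temp\\lv.exe",
]

if __name__ == "__main__":
    print("DNS hits:", scan_dns_log(DNS_LOG))
    print("Proxy hits:", scan_proxy_log(PROXY_LOG))
    print("Hash hits:", scan_hash_manifest(MANIFEST))
```

Blocking filrvg04.top as well as the two C2 hosts matters because the payload_url host is where the second stage is fetched from; the C2 list alone would let the download through.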

Targets

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • CryptBot Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive user data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
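
The following is an added example, not the sandbox's own signature engine and not code from the report: it re-implements, in miniature, the four behavioural signatures listed above over a constructed sandbox-style API trace. The trace format (one record per API call with api, path and pid) and its contents are constructed for the example. The concrete registry value used for the location check (Control Panel\International\Geo\Nation) and the browser and wallet file names are assumptions that fit the report's descriptions, not values the report states. Note that the installed-software check requires both an open of the Uninstall key and a subkey enumeration, since merely opening that key is common in benign installers.

```python
"""Miniature re-implementation of the report's behavioural signatures over a
constructed API trace. Added example; not the sandbox's own engine.

Assumptions (not stated by the report): the geofence check reads the
Control Panel\\International\\Geo\\Nation value; browser and wallet file names
are typical targets of this malware class.
"""
import re

# "Checks computer location settings": the per-user country setting (assumed value name).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# "Checks installed software on the system": the Uninstall key and its subkeys.
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I
)
# "Reads user/profile data of web browsers": credential and cookie stores (assumed names).
BROWSER_FILES = {"login data", "cookies", "web data", "logins.json", "key4.db"}
# "Accesses cryptocurrency files/wallets": wallet files or directories (assumed names).
WALLET_FILES = {"wallet.dat", "electrum", "exodus"}


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def sig_geofence(trace):
    """Fires on a registry read of the Geo\\Nation value."""
    return [
        e for e in trace
        if e["api"] in ("RegQueryValueExW", "RegQueryValueExA") and GEO_KEY_RE.search(e["path"])
    ]


def sig_enum_software(trace):
    """Fires only when the Uninstall key is opened AND its subkeys are enumerated."""
    opens = [e for e in trace if e["api"] == "RegOpenKeyExW" and UNINSTALL_KEY_RE.search(e["path"])]
    enums = [e for e in trace if e["api"] == "RegEnumKeyExW" and UNINSTALL_KEY_RE.search(e["path"])]
    return opens + enums if opens and enums else []


def sig_browser_data(trace):
    """Fires on file reads of known browser credential/cookie stores."""
    return [e for e in trace if e["api"] == "NtReadFile" and _basename(e["path"]) in BROWSER_FILES]


def sig_wallets(trace):
    """Fires on file access where any path component is a wallet file or directory."""
    hits = []
    for e in trace:
        if e["api"] not in ("NtCreateFile", "NtReadFile"):
            continue
        parts = [p.lower() for p in e["path"].replace("/", "\\").split("\\")]
        if any(p in WALLET_FILES for p in parts):
            hits.append(e)
    return hits


# Signature names as they appear in the report, in report order.
SIGNATURES = {
    "Checks computer location settings": sig_geofence,
    "Checks installed software on the system": sig_enum_software,
    "Reads user/profile data of web browsers": sig_browser_data,
    "Accesses cryptocurrency files/wallets": sig_wallets,
}


def run_signatures(trace):
    """Return (signature name, hit count) for every signature that fired."""
    return [(name, len(fn(trace))) for name, fn in SIGNATURES.items() if fn(trace)]


# Constructed trace for a stand-alone run (one stealer process, pid 2100).
TRACE = [
    {"pid": 2100, "api": "RegOpenKeyExW", "path": "HKCU\\Control Panel\\International\\Geo"},
    {"pid": 2100, "api": "RegQueryValueExW", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"pid": 2100, "api": "RegOpenKeyExW", "path": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"pid": 2100, "api": "RegEnumKeyExW", "path": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"pid": 2100, "api": "RegEnumKeyExW", "path": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{GUID}"},
    {"pid": 2100, "api": "NtReadFile", "path": "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 2100, "api": "NtReadFile", "path": "C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json"},
    {"pid": 2100, "api": "NtCreateFile", "path": "C:\\Users\\u\\AppData\\Roaming\\Bitcoin\\wallet.dat"},
    {"pid": 2100, "api": "NtReadFile", "path": "C:\\Users\\u\\Documents\\notes.txt"},
]

if __name__ == "__main__":
    for name, count in run_signatures(TRACE):
        print(f"{name}: {count} event(s)")
```

The geofence signature is the one worth a second look in an investigation: a sample that reads the country code and then exits cleanly in a sandbox configured for an excluded region will show none of the stealer behaviour below it, so a run with no browser or wallet access is not evidence the sample is benign.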

MITRE ATT&CK Enterprise v6

Tasks