General
Target: 18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f
Size: 1.8MB
Sample: 220608-t7mfnafghr
MD5: 66cd2efcbad7aa0fec511198e6448e2a
SHA1: 6feb9495a3a31a49ca2c7308dc645e21a932b54e
SHA256: 18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f
SHA512: 0eda0944690d6e66b7686895f01b0797319032030c1444972941c09707617816da8fe6f7a9f23ed960e68bb1e2039801382b3711229cec3a0933a0b45eb036ac
Static task: static1
Behavioral task: behavioral1
Sample: 18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: cryptbot
Domains (extracted from the config): jusvtu35.top, morwyc03.top
payload_url: http://filrvg04.top/download.php?file=lv.exe
Targets
Target: 18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f
Size: 1.8MB
MD5: 66cd2efcbad7aa0fec511198e6448e2a
SHA1: 6feb9495a3a31a49ca2c7308dc645e21a932b54e
SHA256: 18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f
SHA512: 0eda0944690d6e66b7686895f01b0797319032030c1444972941c09707617816da8fe6f7a9f23ed960e68bb1e2039801382b3711229cec3a0933a0b45eb036ac
- CryptBot Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
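The signatures above describe a behaviour cluster (geofence registry read, Uninstall-key enumeration, wallet file access) plus the network indicators from the extracted config. The script below is an added example of turning that into detection logic over sandbox-style event lines; it is not part of the sandbox report or of any sandbox product. The event format (`kind|process|target`) and the event lines are constructed for the example. The exact registry paths are assumptions: the report only says "country code configured in the registry" and "Uninstall key entries", and `HKCU\Control Panel\International\Geo\Nation` is the key normally read for the configured country, while `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` is the standard inventory of installed software. The wallet directory names are likewise assumed, since the report names no specific wallet software. The domains and payload URL are taken from the Malware Config section of this page.

```python
"""Classify sandbox events against the behaviours and IOCs listed in this report.

Added example, not part of the sandbox report. Event lines use a constructed
'kind|process|target' format; real sandbox or Sysmon logs need their own parser.
"""
import re
from urllib.parse import urlsplit

# Indicators taken from the extracted config on this page.
CONFIG_DOMAINS = {"jusvtu35.top", "morwyc03.top"}
PAYLOAD_URL = "http://filrvg04.top/download.php?file=lv.exe"

# Assumed registry paths (the report names only the behaviour, not the key).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\[^\\]+)?$", re.I)
# Assumed wallet directories; the report does not name specific wallet software.
WALLET_DIR_RE = re.compile(r"\\(Electrum|Exodus|Bitcoin|Ethereum|Monero)\\", re.I)


def classify_event(kind, target):
    """Return a behaviour label for one event, or None if it matches nothing."""
    if kind == "reg_read" and GEO_KEY_RE.search(target):
        return "geofence_check"
    if kind == "reg_read" and UNINSTALL_KEY_RE.search(target):
        return "software_enumeration"
    if kind == "file_read" and WALLET_DIR_RE.search(target):
        return "wallet_access"
    if kind == "http":
        host = (urlsplit(target).hostname or "").lower()
        if host in CONFIG_DOMAINS:
            return "c2_contact"
        if target == PAYLOAD_URL or host == urlsplit(PAYLOAD_URL).hostname:
            return "payload_download"
    return None


def analyze(lines):
    """Group labels per process and decide whether the process matches the cluster.

    Returns {process: (sorted_labels, suspicious)}. A single geofence read or
    Uninstall enumeration is not enough on its own, because installers and
    updaters do both; the stealer combination or a config-domain contact is.
    """
    per_proc = {}
    for line in lines:
        kind, proc, target = line.split("|", 2)
        label = classify_event(kind, target)
        if label:
            per_proc.setdefault(proc, set()).add(label)
    stealer_cluster = {"geofence_check", "software_enumeration", "wallet_access"}
    verdicts = {}
    for proc, labels in per_proc.items():
        suspicious = stealer_cluster <= labels or "c2_contact" in labels
        verdicts[proc] = (sorted(labels), suspicious)
    return verdicts


SAMPLE_NAME = "18a7c584ae8e9138bd18d3d0049db02e6a7ba3b0fc5792d45f717f5c79354b3f.exe"

# Constructed event lines: one process showing the full cluster, two benign-looking
# processes that each trigger only a single signature.
SAMPLE_EVENTS = [
    f"reg_read|{SAMPLE_NAME}|HKCU\\Control Panel\\International\\Geo\\Nation",
    f"reg_read|{SAMPLE_NAME}|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++",
    f"file_read|{SAMPLE_NAME}|C:\\Users\\Admin\\AppData\\Roaming\\Electrum\\wallets\\default_wallet",
    f"http|{SAMPLE_NAME}|http://jusvtu35.top/",
    f"http|{SAMPLE_NAME}|{PAYLOAD_URL}",
    "reg_read|explorer.exe|HKCU\\Control Panel\\International\\Geo\\Nation",
    "reg_read|setup.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
]

if __name__ == "__main__":
    for proc, (labels, suspicious) in analyze(SAMPLE_EVENTS).items():
        print(f"{'SUSPICIOUS' if suspicious else 'ok        '} {proc}: {', '.join(labels)}")
```

The verdict deliberately requires the combination rather than any single signature: reading the configured country and walking the Uninstall key are routine for installers, so on their own they produce noise; it is the co-occurrence with wallet file access, or any contact with the config-extracted domains, that is worth alerting on.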