Resubmissions

10/06/2022, 17:27

220610-v1ye1saag4 10

12/04/2022, 15:01

220412-sdvdqscgep 10

General

  • Target

    884266406f11e034de97c494abd1106a.exe

  • Size

    347KB

  • Sample

    220610-v1ye1saag4

  • MD5

    884266406f11e034de97c494abd1106a

  • SHA1

    d3f9c78d3d47468688819272182ca1149221aaef

  • SHA256

    328132c92e6b42bd191853561730acf00f4a4dd056b8bbd872cdae394d391bc2

  • SHA512

    ebc3a0fac891c70a3bb25db6524368c7285e7f50f2ce184d3161164c41bd8b64144fa49256f76bb0180c4379b19577809e2bcd63da1c17e3f3ddd958b06ca98a

Malware Config

Extracted

Family

cryptbot

C2

poqvyg22.top

Targets

    • Target

      884266406f11e034de97c494abd1106a.exe


    • CryptBot

      A C++ information stealer, widely distributed by bundling it with other software.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the entries under the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart).
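The signatures above describe what the sandbox observed; the extracted config gives the C2 domain. As an added example (not part of this report and not any sandbox's own signature code), the Python below turns those same behaviours and the C2 indicator into a small triage routine run over a constructed stream of sandbox events. The event records, process names and the Chromium/Firefox profile and wallet paths are assumptions made up for illustration; only the sample hash, family name and C2 domain come from the report.

```python
import re
from collections import defaultdict

# Indicators copied from the report above.
SAMPLE_SHA256 = "328132c92e6b42bd191853561730acf00f4a4dd056b8bbd872cdae394d391bc2"
C2_DOMAINS = {"poqvyg22.top"}

# Constructed sandbox event stream (made up for this example, not report data).
# Each event is (type, image, detail); detail is a hash for process_start, a
# path for file_*, a key for reg_query and a domain for dns_query.
SAMPLE_IMAGE = r"C:\Users\user\Desktop\884266406f11e034de97c494abd1106a.exe"
CHROME_IMAGE = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EVENTS = [
    ("process_start", SAMPLE_IMAGE, SAMPLE_SHA256),
    ("reg_query", SAMPLE_IMAGE,
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    ("reg_query", SAMPLE_IMAGE,
     r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ("file_read", SAMPLE_IMAGE,
     r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_read", SAMPLE_IMAGE,
     r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"),
    ("file_read", SAMPLE_IMAGE, r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("file_read", SAMPLE_IMAGE, r"C:\Users\user\AppData\Roaming\Bitcoin\wallet.dat"),
    ("dns_query", SAMPLE_IMAGE, "poqvyg22.top"),
    # A browser reading its own profile is normal and must not fire.
    ("file_read", CHROME_IMAGE,
     r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    # Self-deletion is usually delegated to a helper process after the sample exits.
    ("file_delete", r"C:\Windows\System32\cmd.exe", SAMPLE_IMAGE),
]

# Assumed profile and wallet locations (typical Chromium/Firefox/Electrum/Bitcoin Core paths).
BROWSER_PROFILE = re.compile(
    r"\\(User Data\\[^\\]+\\(Login Data|Cookies|Web Data)"
    r"|Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite))$", re.I)
WALLET_FILES = re.compile(r"\\(wallet\.dat$|Electrum\\wallets\\|Exodus\\exodus\.wallet\\)", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}

SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_WALLET = "Accesses cryptocurrency files/wallets"
SIG_UNINSTALL = "Checks installed software on the system"
SIG_SELFDELETE = "Deletes itself"
SIG_C2 = "Contacts known CryptBot C2"


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Map each process image to the set of report signatures its events matched."""
    # Images whose on-disk hash is the sample's; a later delete of that path counts
    # as self-deletion no matter which process performs it.
    sample_images = {img.lower(): img for t, img, d in events
                     if t == "process_start" and d.lower() == SAMPLE_SHA256}
    hits = defaultdict(set)
    for etype, image, detail in events:
        if etype == "file_read" and BROWSER_PROFILE.search(detail):
            if basename(image) not in BROWSER_IMAGES:  # browsers read their own profile
                hits[image].add(SIG_BROWSER)
        elif etype == "file_read" and WALLET_FILES.search(detail):
            hits[image].add(SIG_WALLET)
        elif etype == "reg_query" and UNINSTALL_KEY.search(detail):
            hits[image].add(SIG_UNINSTALL)
        elif etype == "dns_query" and detail.lower().rstrip(".") in C2_DOMAINS:
            hits[image].add(SIG_C2)
        elif etype == "file_delete" and detail.lower() in sample_images:
            hits[sample_images[detail.lower()]].add(SIG_SELFDELETE)
    return dict(hits)


def verdict(signatures):
    """Contact with the extracted C2 is decisive on its own. Otherwise require the
    stealer's combined access pattern: enumerating Uninstall keys or touching a
    wallet path is also done by legitimate installers and wallet software."""
    if SIG_C2 in signatures:
        return "malicious: cryptbot"
    if len(signatures & {SIG_BROWSER, SIG_WALLET, SIG_SELFDELETE}) >= 2:
        return "suspicious: stealer-like"
    return "inconclusive"


if __name__ == "__main__":
    for image, sigs in triage(EVENTS).items():
        print(f"{image}: {verdict(sigs)}")
        for s in sorted(sigs):
            print(f"  - {s}")
```

On real data the event tuples would come from the sandbox's event export or an EDR feed; the browser allowlist and the path patterns are the parts to tune, since a stealer that injects into the browser process, or a wallet kept outside the default directory, would slip past them as written.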

MITRE ATT&CK Enterprise v6

Tasks