General
Target: 22376bf7ca69efb39783606717a05152db92a8b525e9f3479f4b87dcdf35df11
Size: 1.7MB
Sample: 220612-gqechadch6
MD5: f90f80b2b5550352656f9cc36099f12c
SHA1: 9dde533cb3cb2307c8b1786f5fce715c7a6fd7d4
SHA256: 22376bf7ca69efb39783606717a05152db92a8b525e9f3479f4b87dcdf35df11
SHA512: 6a51fbaa83d7c94e4a7368936b96938a009410d4f1f8e8ca72b5c5a4befe1c3f709c7f2a0da836c2f6dbc927f47bc45c281ae864b329c6b08f189c100c86dcff
Static task: static1
Behavioral task: behavioral1
Sample: 22376bf7ca69efb39783606717a05152db92a8b525e9f3479f4b87dcdf35df11.exe
Resource: win7-20220414-en
Malware Config
Extracted
cryptbot
eoskqt15.top
morron01.top
Targets
CryptBot Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-