General

  • Target

    22376bf7ca69efb39783606717a05152db92a8b525e9f3479f4b87dcdf35df11

  • Size

    1.7MB

  • Sample

    220612-gqechadch6

  • MD5

    f90f80b2b5550352656f9cc36099f12c

  • SHA1

    9dde533cb3cb2307c8b1786f5fce715c7a6fd7d4

  • SHA256

    22376bf7ca69efb39783606717a05152db92a8b525e9f3479f4b87dcdf35df11

  • SHA512

    6a51fbaa83d7c94e4a7368936b96938a009410d4f1f8e8ca72b5c5a4befe1c3f709c7f2a0da836c2f6dbc927f47bc45c281ae864b329c6b08f189c100c86dcff

Malware Config

Extracted

Family

cryptbot

C2

eoskqt15.top

morron01.top

Targets

    • Target

      22376bf7ca69efb39783606717a05152db92a8b525e9f3479f4b87dcdf35df11

    • Size

      1.7MB

    • MD5

      f90f80b2b5550352656f9cc36099f12c

    • SHA1

      9dde533cb3cb2307c8b1786f5fce715c7a6fd7d4

    • SHA256

      22376bf7ca69efb39783606717a05152db92a8b525e9f3479f4b87dcdf35df11

    • SHA512

      6a51fbaa83d7c94e4a7368936b96938a009410d4f1f8e8ca72b5c5a4befe1c3f709c7f2a0da836c2f6dbc927f47bc45c281ae864b329c6b08f189c100c86dcff

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks