General
-
Target
1eb341d4801b527a964ff06b6b8fc96b8630eb0224ef89073a4e081ee55214a0
-
Size
1.9MB
-
Sample
220612-y1xehaacc4
-
MD5
ac94cf315089f94f18e104108d079610
-
SHA1
ec50bfc8383af224642afd6d44bdc80964d0a8db
-
SHA256
1eb341d4801b527a964ff06b6b8fc96b8630eb0224ef89073a4e081ee55214a0
-
SHA512
e351b3f14eb5767e0e2d8ff49154f04103da5562ee1af5d7e0e8d7a838d488fabf5945d5edde1efb67d48e48bf5db73e8e198eaf3402f86f9f63aa1fc7aafaaf
Static task
static1
Behavioral task
behavioral1
Sample
1eb341d4801b527a964ff06b6b8fc96b8630eb0224ef89073a4e081ee55214a0.exe
Resource
win7-20220414-en
Malware Config
Extracted
cryptbot
dekvf64.top
mornui06.top
Targets
CryptBot Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-