cryptbot

Sharing

Copy URL

Twitter E-mail

General

Target

NewFile-Setup-P@$$-1998.zip
Size

5.4MB
Sample

230102-ahyylsgc5v
MD5

f2d0f8587dccc2528412e0e8e0f35cc1
SHA1

1a99909b56881829cc03cf2430b64a6f70a83633
SHA256

46c8d04c28e274e8e1c1d91f3522a2f354e27cc26da67adabcefce8cc0371807
SHA512

683fd8ae1b4b89800c53c3b1ef6eebbe2fd1e82160e13cd63ee86e9b72e6a58e7dc6aa746d67aaa1f191fa4aa89738ef1857ab9010b7cfd212094e1c73f31ef9
SSDEEP

98304:qf2jMKCV8tnVoaCqC3xnOoSHhkijEx7Wq66AlKjgkwEONV6PKWMVY+EB:LCV8m73xOnnjwWq6yj2L6PKq3B

Score

10^/10

Malware Config

Extracted

Family

cryptbot

http://luvasm712.top/gate.php

Targets

- Target
  
  InstallerAppSetup.exe
- Size
  
  325.9MB
- MD5
  
  eef2077222940d85cb9571717c29d263
- SHA1
  
  55cf9ddfab15589836f4bb5e50cfefab06f9a921
- SHA256
  
  fa838b0dbb429c61dcbef1a837e6840d6cfe8928c120dc76a30fb7146e7edcdb
- SHA512
  
  3e86e9fbb950bf515500cd3361a9348c6ac8474b074048ac7e03edf12d7d004ee5318568af61dd600bce866a59b54e5cf4efc544d93deda912d8a383e5865653
- SSDEEP
  
  49152:im6vBTjPh5zriTZ6KeC+LkT/RhlqCPFhMNvGQGQsQe8y15/jz7KiGlTT+5Gtoiy2:imgTK6Ah5gTZgoGx0Ivx0wWKf4F/VB
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/amd64/bhkspex.x64
- Size
  
  103KB
- MD5
  
  d78686b8130fec68e1a75cec4d2962ae
- SHA1
  
  1816da02e7f8f678b11e4152d56b8af9a9c10469
- SHA256
  
  051be9377f04204ec5df434c451231bceca75b04c230b229160b3e27acfc4484
- SHA512
  
  883b89182b48018eea8d9dc77e65fadb769545579f175b5f4360f8d30669f32f748165310609b46c0bfdb628789b089f405aa94cc0a61d4221b83700706bdc44
- SSDEEP
  
  3072:p8N/5h8XgEu5C2QltfiNW/cp/gi/uRcEgZF0IIRlVNgZ:hmgi2RcEgHIRV
Score

8^/10

persistence
- Registers COM server for autorun
  persistence
behavioral3 behavioral4
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/amd64/cx2310x.sys
- Size
  
  216KB
- MD5
  
  93753476d7b6790c9fbfac910c142c11
- SHA1
  
  607cfecfc118f8954f0be370d0ee10d3c9d09933
- SHA256
  
  661f1dce09341ee40a3d617c99a20621afbfb37cd07620f073b6f9f4d4d37223
- SHA512
  
  3a9d2e99b39a5aa1ee83da5d6f6262c423870f14f9bd540afbbd8436b76659aa07269d0d9a300673fa8e8fdcff3b1890a20e296efb1d72cb26ec4d7ab933cbb8
- SSDEEP
  
  6144:WFCF7rD3jjUOjAxph/vkvFpekXbBfe3M7jh:WG7njIO0OoM7
Score

1^/10
behavioral5 behavioral6
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/amd64/cxpolir.sys
- Size
  
  23KB
- MD5
  
  14b1f224d99fa6d8cf448385d86d2875
- SHA1
  
  bf8b149846efdfa85f9d78b34b2e2ad88e54d547
- SHA256
  
  bb120924de0b6797959114b5d038d664d685180a2808ef8784fb095b3b9d1f37
- SHA512
  
  4d00bef1f7c18d2905cdcb4c38502e8425429f397b27a6fa6a924da5bc8b76422c7edb849aeac572f9db3fe84422593977f5fe623d2f42c2ec9717b14d9c26fe
- SSDEEP
  
  384:aZo9kSMo+Bk553pBZ5vz8tQ/vs3CkwlhMbGLEake5YoynmecT+dLC0Hku9Msaabm:66t4pwlhH2e5VymecTfCkmZaaT
Score

1^/10
behavioral7 behavioral8
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/amd64/saa713x.sys
- Size
  
  399KB
- MD5
  
  4cb28358ff510b7796e5e9cf71a0471c
- SHA1
  
  f6a9ea73c03cb113e11fd11d2ad2fe837b57d7a6
- SHA256
  
  34d2588afa647c8551c8b802b57fda9267d586220a681f6a8608207fb5d633fb
- SHA512
  
  ec7cf5a34ae456317fd218c171921140a3ac5f8401582e4dc2a7441266c801adf0b87149a3f16410751896a7e5b7e9c60c677da356d962cf16bb0d81ae9f3bc3
- SSDEEP
  
  6144:82Bst7v0r27zglvR3VgGtNVPr4OhYddyID:nBspa27MVdmOoD
Score

1^/10
behavioral10 behavioral9
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/amd64/saa7231.sys
- Size
  
  281KB
- MD5
  
  eea0ccd8d1aa603d9f5a7136195db860
- SHA1
  
  609b6c6dd32c3be1ce59ac245224ede5503480c6
- SHA256
  
  f6b5cefbd2d36f0c42fd25f8fb8b5807fdc0a87bab299d9f3da65cc460e7a954
- SHA512
  
  9bce0ef582a37e1662a60035436a37fd03b6514385a4d2cbb1d77847ce5e5d1de3427200e577db4af3358bfff3dd866a150a38720692e4cc6aa464517ac735d8
- SSDEEP
  
  6144:xvsk/i5Dqi2l6C7SBvvEvFpuEHLxu/9J6z/:Vsk/q+uj6z/
Score

1^/10
behavioral11 behavioral12
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/amd64/ttm6010.sys
- Size
  
  160KB
- MD5
  
  216a6873a34eb96db27668f2128abce9
- SHA1
  
  ee6f09b88c003714e50c2783e15c770874e1cfd3
- SHA256
  
  04f0f0d6ab22c6fd100e3e3277e54f0f9852b7a2251d1bd8f94befd55fae351a
- SHA512
  
  c0e858ae1a0fa94a188d2be3bd4a2671ec4cfcaca206ee86bcfa17f7c98325e6150dec10a8a6b9654e33d1ec1a88bc116dcaa24cd1c7bb5f9974dee72184df5f
- SSDEEP
  
  3072:hVhoEmXJ0beoQrW+7bmvSZgRCxvYd9VEjx9YHSc:hVhoEJioQDmaCCxvQVEjxGH
Score

1^/10
behavioral13 behavioral14
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/bhkspex.dll
- Size
  
  86KB
- MD5
  
  99bb8bd22f57a326ec870207c83a2d49
- SHA1
  
  7e5f81b90538879d9f444cd8661cdb3b0e357d3b
- SHA256
  
  98ef16b6fb497105d0cc4e99f445f2053b65550d594d0368316fe6898d03093f
- SHA512
  
  d114f4f012a852daf0783a073b0568385c5f8057052caa4072f84a142c80a67bc377fd46afd3ae71e1d50ba4786fd787e6fca6130d3a9dd49bb2fef8ab52ac62
- SSDEEP
  
  1536:FI/pZpTtdBtNKzvlSCCWawLhn2KwjAlsH3tsySGERzNvNhCZ0A:sZpTtdBtNKzvlSCesnmjL3tsySGERzVk
Score

1^/10
behavioral15 behavioral16
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/bhkspex.x64
- Size
  
  103KB
- MD5
  
  d78686b8130fec68e1a75cec4d2962ae
- SHA1
  
  1816da02e7f8f678b11e4152d56b8af9a9c10469
- SHA256
  
  051be9377f04204ec5df434c451231bceca75b04c230b229160b3e27acfc4484
- SHA512
  
  883b89182b48018eea8d9dc77e65fadb769545579f175b5f4360f8d30669f32f748165310609b46c0bfdb628789b089f405aa94cc0a61d4221b83700706bdc44
- SSDEEP
  
  3072:p8N/5h8XgEu5C2QltfiNW/cp/gi/uRcEgZF0IIRlVNgZ:hmgi2RcEgHIRV
Score

8^/10

persistence
- Registers COM server for autorun
  persistence
behavioral17 behavioral18
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/cx2310x.sys
- Size
  
  163KB
- MD5
  
  2da76725622c052da858f3a6765f124b
- SHA1
  
  06e8179916e5546da86e6b34ceafa82d32f4d707
- SHA256
  
  455c77df2f51eb8ec5e12f98a6ea2b783c3097635fe9343d8ec593c3c81d18ea
- SHA512
  
  b36694b9079ea4ae6103f5106069240ee563a27b06effbdf19b39b80435db1c0812c4499f1bda70ffd260f3e13778487657ad14ff5255c735303fe3dcd5ab087
- SSDEEP
  
  3072:fOMZ7TRsp0BTQpstZ2lkdKyuTyIEYAItyauA:fbZPR3+p6Zf3YAIc
Score

1^/10
behavioral19 behavioral20
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/cxpolir.sys
- Size
  
  21KB
- MD5
  
  fa92979513968901734bf63801f7674a
- SHA1
  
  c93bf660c96276378a493beb93a5f273ef248863
- SHA256
  
  363d745974a2f2ef265b2ec070a01dad71265be993a2eacf7d0c9c8c909ec991
- SHA512
  
  713a81992e78d24fc5dc8b1f1f8975086be0f388bf943cf59996e1e4af0d88ee4e10fbf4b9c893a38313d31730cfe9d60d323c55aa14c09cddbfd8da72ead835
- SSDEEP
  
  384:VVuH11c3s0TrafD7rH1XUAV0RC5KuzNvvx0UOSaCKaFW7zQNnfiO5KQ:VVWM80SffTd7VgC5KuB/d0aq
Score

1^/10
behavioral21 behavioral22
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/i386/bhkspex.dll
- Size
  
  86KB
- MD5
  
  99bb8bd22f57a326ec870207c83a2d49
- SHA1
  
  7e5f81b90538879d9f444cd8661cdb3b0e357d3b
- SHA256
  
  98ef16b6fb497105d0cc4e99f445f2053b65550d594d0368316fe6898d03093f
- SHA512
  
  d114f4f012a852daf0783a073b0568385c5f8057052caa4072f84a142c80a67bc377fd46afd3ae71e1d50ba4786fd787e6fca6130d3a9dd49bb2fef8ab52ac62
- SSDEEP
  
  1536:FI/pZpTtdBtNKzvlSCCWawLhn2KwjAlsH3tsySGERzNvNhCZ0A:sZpTtdBtNKzvlSCesnmjL3tsySGERzVk
Score

1^/10
behavioral23 behavioral24
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/i386/cx2310x.sys
- Size
  
  163KB
- MD5
  
  2da76725622c052da858f3a6765f124b
- SHA1
  
  06e8179916e5546da86e6b34ceafa82d32f4d707
- SHA256
  
  455c77df2f51eb8ec5e12f98a6ea2b783c3097635fe9343d8ec593c3c81d18ea
- SHA512
  
  b36694b9079ea4ae6103f5106069240ee563a27b06effbdf19b39b80435db1c0812c4499f1bda70ffd260f3e13778487657ad14ff5255c735303fe3dcd5ab087
- SSDEEP
  
  3072:fOMZ7TRsp0BTQpstZ2lkdKyuTyIEYAItyauA:fbZPR3+p6Zf3YAIc
Score

1^/10
behavioral25 behavioral26
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/i386/cxpolir.sys
- Size
  
  21KB
- MD5
  
  fa92979513968901734bf63801f7674a
- SHA1
  
  c93bf660c96276378a493beb93a5f273ef248863
- SHA256
  
  363d745974a2f2ef265b2ec070a01dad71265be993a2eacf7d0c9c8c909ec991
- SHA512
  
  713a81992e78d24fc5dc8b1f1f8975086be0f388bf943cf59996e1e4af0d88ee4e10fbf4b9c893a38313d31730cfe9d60d323c55aa14c09cddbfd8da72ead835
- SSDEEP
  
  384:VVuH11c3s0TrafD7rH1XUAV0RC5KuzNvvx0UOSaCKaFW7zQNnfiO5KQ:VVWM80SffTd7VgC5KuB/d0aq
Score

1^/10
behavioral27 behavioral28
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/i386/saa713x.sys
- Size
  
  297KB
- MD5
  
  e954d8ded14b5dbfadb1d2689eac721e
- SHA1
  
  5fdee17a5423ee3e6dcd8a02e3331c8228a2920c
- SHA256
  
  9bf0be053a3d5ddf998c57c5e65c3c15bd967619b6da7e28a0d4050b0bf5d7a8
- SHA512
  
  2c971a3316948cbbc1ea46c15ad36c37c4647de98be0ef46a770b093e352f340d7e25a3e636988de9a1a4b6203a6ce443d8e7237f716b9fcea415efb6c54533b
- SSDEEP
  
  6144:4eYecihTQjRHCF31ZYNS+UGNSq2OIp/p/Z5prN6ZuZqe+YKM85vA:3YfihTQ1CmoMSVL0ZCqe+jS
Score

1^/10
behavioral29 behavioral30
- Target
  
  Uses of Additional Files/WinAll/BeholdTV/i386/saa7231.sys
- Size
  
  212KB
- MD5
  
  07dccd8ab55c9232f74e6c5c06014bc7
- SHA1
  
  e82233280c8e77ada8378ac63e10e1dd53b612cc
- SHA256
  
  6f2ee9cbef0a73d1694f47b0ff9a834cc995c5cced50f125a185139d56f041f2
- SHA512
  
  7a0083c58eeaa1e6323352c4b0a5ff3e74acfa1c95adbdec2e81765628a96e1adea7d8ab2c783463940135c239df46f2d449bf0fbf369daa97a3832684739a85
- SSDEEP
  
  3072:S25I9OOS0/p9nS7qOhr7t4LNoXHGzFHLeSCjauQk8CvHuxme/+Y9:SsIdt/LSZr7rGzFHLerjXQk8CC/N
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Deletes itself

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Maps connected drives based on registry

Registers COM server for autorun

Registers COM server for autorun

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32