General

  • Target

    KMS_Pico_Full_Setup.zip

  • Size

    5.8MB

  • Sample

    230107-xtvfwsed45

  • MD5

    90b455e2e3bbaa07a74cfe90578a048b

  • SHA1

    a45b64f1e445a80652076b63f33c8d9dce701301

  • SHA256

    b6c0e5bc5d2d0d3b0003276c8d82a04d0c477ec14b39563039ad0397fb965246

  • SHA512

    1faa9241bc9c575e2589d1d4bc2b330e6980f7a5049269a26fd8035005d7c383d6bab8dc8847dce842f1fc03c008937088c1176031e5f932e5c0d74fde59dd56

  • SSDEEP

    98304:bmcZlIZoQtOt5B+YkED7aD8l4KZgI2tnJ6Ekca4FBmnA8Qqt+B8IhEMt2ABp2sbc:bV/SLaDG4ynJ6n4qnAKm8EsS2Ec

Malware Config

Extracted

Family

cryptbot

C2

http://tyokqx24.top/gate.php

Targets

    • Target

      KMS_Pico_Full_Setup.zip

    • Size

      5.8MB

    • MD5

      90b455e2e3bbaa07a74cfe90578a048b

    • SHA1

      a45b64f1e445a80652076b63f33c8d9dce701301

    • SHA256

      b6c0e5bc5d2d0d3b0003276c8d82a04d0c477ec14b39563039ad0397fb965246

    • SHA512

      1faa9241bc9c575e2589d1d4bc2b330e6980f7a5049269a26fd8035005d7c383d6bab8dc8847dce842f1fc03c008937088c1176031e5f932e5c0d74fde59dd56

    • SSDEEP

      98304:bmcZlIZoQtOt5B+YkED7aD8l4KZgI2tnJ6Ekca4FBmnA8Qqt+B8IhEMt2ABp2sbc:bV/SLaDG4ynJ6n4qnAKm8EsS2Ec

    Score
    1/10
    • Target

      KMS_Pico_Full_Setup.exe

    • Size

      5.9MB

    • MD5

      250fe34b7c013d982f8884374a8161aa

    • SHA1

      008b03607a40c4a88c6ebf0d7cb7fd7e3c29193c

    • SHA256

      59017ddc02a5afc2642226d7f61280e41497eb8d0f5321dda5f1e8a794e543a8

    • SHA512

      0d86de3ae49a98a2104562e5ffd886c838fa6610f384f4501a6fb7ca816e0a75e6900379996998397f4eb93746cfc6ed5e85559865ad592f3685dd6cef0e27a6

    • SSDEEP

      98304:TbSTU/pyZYw9On/BuaSE19CjKHm4ZcGAp9zsogckWLhgZmSKWH+Bksx+mz2ABnYT:TWQhoJeNGAe9zszWOZm4gkEKOYQa

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      Password.txt

    • Size

      18B

    • MD5

      c44669219a77bcb6e04ccc9a7dc8905b

    • SHA1

      cc10be56e2a5415ed3ed286734bee8f0741d92bd

    • SHA256

      8406e6d1a644f797995907ec0a18d8104d1e8c5ffac8f4f874c11e5d92aff969

    • SHA512

      2ea589c6612eaae6fdc3613df8438df4df92c76e39ba527f07477635d8e86ad4d473c941b77cadd3195cba4296ed3eb5d1f57c5b100279617b6a3399d880fbe2

    Score
    1/10
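As an added example (not part of the sandbox report or its tooling), the following Python turns the indicators above into a small matcher: it computes a file's digests and compares them against the three targets listed in this report, and it sweeps proxy-log lines for requests to the extracted C2 host. The hash values and the C2 URL are copied from the report; the log line format and the SAMPLE_LOG entries are constructed for illustration only.

```python
"""IOC matcher for the CryptBot sample in this report (added example)."""
import hashlib
from urllib.parse import urlparse

# File hashes copied from the report's "Targets" section (hex digests).
IOC_HASHES = {
    "KMS_Pico_Full_Setup.zip": {
        "md5": "90b455e2e3bbaa07a74cfe90578a048b",
        "sha1": "a45b64f1e445a80652076b63f33c8d9dce701301",
        "sha256": "b6c0e5bc5d2d0d3b0003276c8d82a04d0c477ec14b39563039ad0397fb965246",
    },
    "KMS_Pico_Full_Setup.exe": {
        "md5": "250fe34b7c013d982f8884374a8161aa",
        "sha1": "008b03607a40c4a88c6ebf0d7cb7fd7e3c29193c",
        "sha256": "59017ddc02a5afc2642226d7f61280e41497eb8d0f5321dda5f1e8a794e543a8",
    },
    "Password.txt": {
        "md5": "c44669219a77bcb6e04ccc9a7dc8905b",
        "sha1": "cc10be56e2a5415ed3ed286734bee8f0741d92bd",
        "sha256": "8406e6d1a644f797995907ec0a18d8104d1e8c5ffac8f4f874c11e5d92aff969",
    },
}

# C2 copied from the report's "Malware Config" section.
C2_URL = "http://tyokqx24.top/gate.php"
C2_HOST = urlparse(C2_URL).hostname  # "tyokqx24.top"


def digests(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data, keyed like IOC_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_digests(have: dict) -> list:
    """Compare a digest dict against the report's IOCs.

    Returns sorted (target_name, algorithm) pairs. A sha256 hit is
    authoritative; an md5- or sha1-only hit is still reported because many
    feeds carry only the weaker hashes, but treat it as a lead to confirm.
    """
    hits = []
    for name, want in IOC_HASHES.items():
        for algo, value in want.items():
            if have.get(algo, "").lower() == value.lower():
                hits.append((name, algo))
    return sorted(hits)


def match_hashes(data: bytes) -> list:
    """Hash raw file bytes and match them against the report's IOCs."""
    return match_digests(digests(data))


def _host_matches(url: str) -> bool:
    """Exact, case-insensitive host match: tyokqx24.top.evil.example or
    nottyokqx24.top must not count as a hit, so no substring search."""
    host = urlparse(url).hostname
    return host is not None and host.lower() == C2_HOST


def scan_proxy_log(lines) -> list:
    """Scan constructed proxy-log lines: '<ts> <client> <method> <url> <status>'.

    Returns one finding per request to the C2 host; 'gate' marks requests
    to the /gate.php path named in the extracted config.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip it rather than abort the sweep
        _ts, client, method, url, _status = parts[:5]
        if _host_matches(url):
            findings.append({
                "line": lineno,
                "client": client,
                "method": method,
                "url": url,
                "gate": urlparse(url).path == "/gate.php",
            })
    return findings


# Constructed sample log (not real traffic); only lines 2 and 4 hit the C2 host.
SAMPLE_LOG = [
    "2023-01-07T10:00:01Z 10.0.0.5 GET http://example.com/index.html 200",
    "2023-01-07T10:00:07Z 10.0.0.5 POST http://tyokqx24.top/gate.php 200",
    "2023-01-07T10:00:09Z 10.0.0.6 GET http://tyokqx24.top.evil.example/gate.php 404",
    "2023-01-07T10:00:12Z 10.0.0.7 GET http://TYOKQX24.TOP/download/file.bin 200",
    "garbage line",
]

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_LOG):
        print(finding)
    print(match_hashes(b"abc"))  # constructed input, no IOC hit expected
```

To check a real file, pass its bytes to match_hashes; the SSDEEP values from the report are deliberately left out because fuzzy matching needs the ssdeep library and a similarity threshold, not an equality test.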

MITRE ATT&CK Enterprise v6
