cryptbot | 5473e0d77e484d6a54b783f0125376b82aba7d8383ccc23f67097e1724ec2504 | Triage

Submit
Reports

Overview

overview

Static

static

1

vCE68P.exe

windows10-2004-x64

Sharing

General

Target

vCE68P.exe
Size

2MB
Sample

230404-rfsggsfe37
MD5

de54e36c85a3a2aa558e10cc245a1882
SHA1

fdd29a2e136131837229e076210c217ffcaece8f
SHA256

5473e0d77e484d6a54b783f0125376b82aba7d8383ccc23f67097e1724ec2504
SHA512

b62758b5473397a4c51803c734ac30c4ebd2400f3a670cae591b9b07adbf35682d7bc3f69afc69e96d2f8ff373023ac0ab9ec1f5cd95fed8558dc71b98786e3b
SSDEEP

24576:gxkEq+BFKq4y+idbSbnH1Nu2gfDIMb152ZbA5mEHOHeGncUUkkhh5jwRCZ819p:gIq/B469CAXuHBn8Nj2

Score

10^/10

cryptbot discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

vCE68P.exe

Resource

win10v2004-20230221-en

cryptbot discovery spyware stealer

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Extracted

Family

cryptbot

C2

http://tixalp22.top/gate.php

Attributes

payload_url
http://buqveo02.top/hading.dat

Targets

- Target
  
  vCE68P.exe
- Size
  
  2MB
- MD5
  
  de54e36c85a3a2aa558e10cc245a1882
- SHA1
  
  fdd29a2e136131837229e076210c217ffcaece8f
- SHA256
  
  5473e0d77e484d6a54b783f0125376b82aba7d8383ccc23f67097e1724ec2504
- SHA512
  
  b62758b5473397a4c51803c734ac30c4ebd2400f3a670cae591b9b07adbf35682d7bc3f69afc69e96d2f8ff373023ac0ab9ec1f5cd95fed8558dc71b98786e3b
- SSDEEP
  
  24576:gxkEq+BFKq4y+idbSbnH1Nu2gfDIMb152ZbA5mEHOHeGncUUkkhh5jwRCZ819p:gIq/B469CAXuHBn8Nj2
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

© 2018-2023

Terms | Privacy