General

Target: Install_setup.zip
Size: 9MB
Sample: 230628-brpa7sfh57
MD5: 27d9427234b741161b0c8f33ce9106d8
SHA1: 2fde824883ecf9dbfef79a37c10a20fd9a4cbea5
SHA256: d5b90dfb2bdd5d48559202c32749c144fce55eed3889f8786dae3357846a54cd
SHA512: 7bed75dec86c11e85fc351ac479e691f40c937df208f28be4b445ce815283f058ca2cef1a26843063109a5722ddf58e66026c09284b54f2078604bcadc8f43e6
SSDEEP: 196608:jJm4pq26Vuzs6r2ylcc/iRheYPAL9qOmFQhKnC5B2GL7A:jJjpq26vy2yic/ihPAh1uQhzBjL7A

Static task: static1
Behavioral task: behavioral1
Sample: Install_setup.exe
Resource: win7-20230621-en

Malware Config

Extracted: cryptbot
C2: http://yeit8sr.top/gate.php

Targets

Target: Install_setup.exe
Size: 302MB
MD5: fbcbb8765b5781ebfa194c2b1ca32255
SHA1: 1aeac0a518bb11fe9e0d4dd9f6e21571acfc81e1
SHA256: 2204c7432974a9b269b8a33ea81ec65bf5b4481817c259b78398be5ef93f0392
SHA512: 3ca1ed0ca9f3c444fedc1518a45b2e011d53c502018c066c906455399d98b32f021ed2c19659774461ad61e58d71804cf2025e8d06a5454e1d3f2ded8abe2ee7
SSDEEP: 196608:e9wAJhlIhtG+54LbcQCcHsJcQvQaT0u5SHvOYDMVByQyVG/uzGNVyAl3:rAi53QCcv6QaAu5SVDMTNSG/lVrl3

Signatures

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Deletes itself

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.