cryptbot | 36df8b2e878f5481a48e5178533fde7f38935082d93aeacc7a2c68a3d717f180 | Triage

Submit
Reports

Overview

overview

Static

static

3

New-Installer.exe

windows7-x64

New-Installer.exe

windows10-2004-x64

Sharing

General

Target

New-Installer.exe
Size

302MB
Sample

230628-nx1bwaac91
MD5

ca148d6e945fd7a500d94560c5caf767
SHA1

73d43ce3cde2667693d707f906c351ccb7cb5ca6
SHA256

36df8b2e878f5481a48e5178533fde7f38935082d93aeacc7a2c68a3d717f180
SHA512

7bc78269b69acbc7638fc02a1ae99c2fd326e1eed721fffb7b3c9f2d0e8c833a6f90c07410da305f9d7617a702b42d23a1768a40d5628b55f5006ad88c900403
SSDEEP

393216:eHdkXNSG/lVrl3KExL3JzATzC8WfeIRV:MkhpKOxk6

Score

10^/10

cryptbot discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New-Installer.exe

Resource

win7-20230621-en

cryptbot discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

New-Installer.exe

Resource

win10v2004-20230621-en

cryptbot discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

http://ythre3sr.top/gate.php

Targets

- Target
  
  New-Installer.exe
- Size
  
  302MB
- MD5
  
  ca148d6e945fd7a500d94560c5caf767
- SHA1
  
  73d43ce3cde2667693d707f906c351ccb7cb5ca6
- SHA256
  
  36df8b2e878f5481a48e5178533fde7f38935082d93aeacc7a2c68a3d717f180
- SHA512
  
  7bc78269b69acbc7638fc02a1ae99c2fd326e1eed721fffb7b3c9f2d0e8c833a6f90c07410da305f9d7617a702b42d23a1768a40d5628b55f5006ad88c900403
- SSDEEP
  
  393216:eHdkXNSG/lVrl3KExL3JzATzC8WfeIRV:MkhpKOxk6
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer

© 2018-2023

Terms | Privacy