General
Target: KMSpico.rar
Size: 12MB
Sample: 230701-1aeg4shf63
MD5: cd945cee1335de0bde64b03a1b7fec85
SHA1: 1ddbe2ae24cfb47c8a1f024b743d3f950b9ddaa4
SHA256: 2da0d44dd5fce400474d6adbf5ddafbfabce683b7adcc74cf9886106e42540b1
SHA512: 5d4ae7e0e562e3fb13134d75b54e6682665739a8a1b3ac63019d8af79bc241a4a984e974cecb296c37d3f3f27313b90115dd2903da71023fb91a4f8cb86a10ec
SSDEEP: 393216:Hr/TJ1utNQHin8MFLt41j+Z54Ksxn1DMa8dPLze1:HzN1uGin8MF2Z+ZOhf89e1

Static task: static1

Malware Config
Extracted family: cryptbot
Extracted URL: http://tseven7sb.top/gate.php
Targets
Target: KMSpico.rar, 12MB
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.