General
-
Target
2d090e48369efcdbebf9df5aed96857cd442509bb5f59e171f2b1b3cf1a56361.exe
-
Size
343KB
-
Sample
230716-sfd5jagc2x
-
MD5
5a0ea4aab5f283b5c7d234322e04c6ce
-
SHA1
33509a78863b9bd7385054aa5bc92b8ce4f1ab5f
-
SHA256
2d090e48369efcdbebf9df5aed96857cd442509bb5f59e171f2b1b3cf1a56361
-
SHA512
8f150303c90231188c72dacb873fc5b71c42f0730f75bfe61a388457329bae8985c86b83e5088e2a6813fcda0a383fb1e96cec49b8510d1700412c585438aaec
-
SSDEEP
6144:TQovZhTYZt0q9g4vYGDIIMJPdvQIZselS5OH8D7d0qthV07:ThxhYZt00gB6Ir1dImDS5T7d3zV0
Malware Config
Extracted
cryptbot
pacnqh62.top
morime06.top
-
payload_url
http://zukotm09.top/download.php?file=lv.exe
Targets
-
-
Target
2d090e48369efcdbebf9df5aed96857cd442509bb5f59e171f2b1b3cf1a56361.exe
-
Size
343KB
-
MD5
5a0ea4aab5f283b5c7d234322e04c6ce
-
SHA1
33509a78863b9bd7385054aa5bc92b8ce4f1ab5f
-
SHA256
2d090e48369efcdbebf9df5aed96857cd442509bb5f59e171f2b1b3cf1a56361
-
SHA512
8f150303c90231188c72dacb873fc5b71c42f0730f75bfe61a388457329bae8985c86b83e5088e2a6813fcda0a383fb1e96cec49b8510d1700412c585438aaec
-
SSDEEP
6144:TQovZhTYZt0q9g4vYGDIIMJPdvQIZselS5OH8D7d0qthV07:ThxhYZt00gB6Ir1dImDS5T7d3zV0
Score10/10-
CryptBot
A C++ stealer distributed widely in bundle with other software.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-