cryptbot | sample1_JC[.]bin

Resubmissions

08/12/2023, 03:51

231208-eem46aha48 10

01/09/2023, 16:56

230901-vfxmzsgb4x 10

Sharing

Copy URL

Twitter E-mail

General

Target

sample1_JC.bin
Size

633KB
MD5

3b775a2ade2cda09f9fc6834198f7fb4
SHA1

fcb89edff62a1cf990ed3e8671fc2b86bda0b7bf
SHA256

e1af788f407983391c318781df706ec0c5a0f97b3c5a3824d37840b24c55abcd
SHA512

1468bfd6b27b70651ef08b50a150297c4672dc72ed5584f08ce20e77eab81f5ed9e0f64e9f2a04cdfadb1e202533ab2de7df3424795b80a91e5f0c7a3a867ea8
SSDEEP

12288:J6bXAh5glNu042nPAnFosGSutfIwM0hKiI57G6S8ZaXsQClnMNYkkSS1ZCJlXUCv:8/K57xS8oXZCWNYkkS+ZC/jqLOHciNHj

Score

10^/10

cryptbot

Malware Config

Extracted

Family

cryptbot

afrodeep22.top

Attributes

payload_url
http://weloadhh03.top/download.php?file=lv.exe

Signatures

CryptBot payload 1 IoCs

resource	yara_rule
sample	family_cryptbot

Cryptbot family
cryptbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sample1_JC.bin

Files

sample1_JC.bin
.exe windows x86

c838700c3a8538422412620272720299

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetLocaleInfoW
LocalAlloc
GetFileAttributesW
MultiByteToWideChar
GetFileAttributesA
CreateFileA
GetSystemInfo
LocalFree
GetFileSize
GetComputerNameW
GlobalMemoryStatusEx
WideCharToMultiByte
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetModuleFileNameW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
HeapReAlloc
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetFileSizeEx
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
WriteConsoleW
GetConsoleCP
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindNextFileW
ExpandEnvironmentStringsW
FindFirstFileW
ExitProcess
DeleteFileW
Sleep
CreateDirectoryW
CloseHandle
GetPrivateProfileStringW
GetUserDefaultLocaleName
CreateFileW
SetFilePointer
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryA
GetCommandLineW
GetCommandLineA
GetCPInfo
CopyFileW
GetFileAttributesExW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleHandleExW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
DecodePointer

user32

GetSystemMetrics
GetWindowRect
GetDesktopWindow
wsprintfW
GetWindowDC
GetKeyboardLayoutList

gdi32

BitBlt
SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
DeleteDC
DeleteObject
RestoreDC

advapi32

GetUserNameW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW

shell32

ShellExecuteW
SHFileOperationW

crypt32

CryptUnprotectData

urlmon

URLDownloadToFileW

gdiplus

GdipAlloc
GdiplusStartup
GdipSaveImageToFile
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown

wininet

InternetOpenW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
HttpSendRequestW

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

c838700c3a8538422412620272720299

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

crypt32

urlmon

gdiplus

wininet

Sections

.text Size: 517KB - Virtual size: 517KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 517KB - Virtual size: 517KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 16KB - Virtual size: 16KB