General

  • Target

    b16c0c978e88e21604804a50400e46af

  • Size

    251KB

  • Sample

    231222-q7xpvadddm

  • MD5

    b16c0c978e88e21604804a50400e46af

  • SHA1

    f2b408e552b0ca0d72a18651d8cf0a57cb21d806

  • SHA256

    7a380970e44dea7a579e0231b079e766cac89c1417022839f0161cb3638b37d1

  • SHA512

    8d7315ac35703fc49393b5ef76e4b4aea01f6c3870a74e426dec04a74e9ecdafa70758574954f2209780cd3bca1ee949c0c375e882120c36fd8ebf3be2e023a2

  • SSDEEP

    3072:ParzRJ+yBeZmZRhRsMwsM55WCoZOi3Cy+3+EwTlDdB9Qh/ZiwO6CKduHHls5z3qS:zyBGWs/sE5WR9H+hONdB9MZiwYvFa3o

Malware Config

Extracted

Family

cryptbot

C2

rasctx32.top

moryei03.top

Attributes
  • payload_url

    http://eloqos04.top/download.php?file=lv.exe
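The indicators above (the sample hashes from the General section, the two C2 domains and the payload URL) are only useful once they are checked against telemetry. The block below is an added example, not part of the sandbox report or of any tooling shown on it: it loads those indicators and scans a few constructed DNS, proxy and EDR log lines (the hostnames `WS01`, `update.microsoft.com`, the `lv.exe` temp path and the log format are made up for illustration). Domain matching also catches subdomains of the C2 hosts, and hash matching is case-insensitive.

```python
"""Match the CryptBot IOCs from this report against constructed log lines.

Added example; the hashes, C2 domains and payload URL are the values the
report lists, everything else (log format, hosts, paths) is constructed.
"""
import re
from urllib.parse import urlsplit

# Indicators taken from the report's General / Malware Config sections.
IOC_HASHES = {
    "md5": "b16c0c978e88e21604804a50400e46af",
    "sha1": "f2b408e552b0ca0d72a18651d8cf0a57cb21d806",
    "sha256": "7a380970e44dea7a579e0231b079e766cac89c1417022839f0161cb3638b37d1",
}
IOC_C2_DOMAINS = {"rasctx32.top", "moryei03.top"}
IOC_PAYLOAD_URL = "http://eloqos04.top/download.php?file=lv.exe"
# The payload host is an indicator in its own right, even without the path.
IOC_DOMAINS = IOC_C2_DOMAINS | {urlsplit(IOC_PAYLOAD_URL).hostname}

# Anything that looks like a dotted hostname, and 32/40/64-char hex runs.
HOST_RE = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)


def match_domain(host):
    """Return the indicator that host equals or is a subdomain of, else None."""
    h = host.rstrip(".").lower()          # DNS logs often keep the trailing dot
    for d in IOC_DOMAINS:
        if h == d or h.endswith("." + d):
            return d
    return None


def match_hash(value):
    """Return the algorithm name if value is one of the report's hashes."""
    v = value.strip().lower()
    for algo, ioc in IOC_HASHES.items():
        if v == ioc:
            return algo
    return None


def scan_log(lines):
    """Scan log lines; return a list of (line_no, kind, indicator) hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        if IOC_PAYLOAD_URL in line:
            hits.append((n, "payload_url", IOC_PAYLOAD_URL))
        for host in HOST_RE.findall(line):
            d = match_domain(host)
            if d:
                hits.append((n, "domain", d))
        for h in HASH_RE.findall(line):
            algo = match_hash(h)
            if algo:
                hits.append((n, "hash:" + algo, h.lower()))
    return hits


# Constructed sample telemetry: DNS, proxy and EDR file-create records.
SAMPLE_LOG = [
    "2023-12-22T10:15:01Z WS01 dns query qname=rasctx32.top. qtype=A rcode=NXDOMAIN",
    "2023-12-22T10:15:03Z WS01 proxy GET http://eloqos04.top/download.php?file=lv.exe status=200",
    "2023-12-22T10:15:09Z WS01 edr file_create path=C:\\Users\\u\\AppData\\Local\\Temp\\lv.exe "
    "sha256=7a380970e44dea7a579e0231b079e766cac89c1417022839f0161cb3638b37d1",
    "2023-12-22T10:16:00Z WS01 dns query qname=update.microsoft.com. qtype=A rcode=NOERROR",
    "2023-12-22T10:16:30Z WS02 dns query qname=cdn.moryei03.top. qtype=A rcode=NXDOMAIN",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Line 2 produces two hits (the full payload URL and its host), and the `cdn.` subdomain on line 5 still resolves to the `moryei03.top` indicator; the Microsoft lookup produces none.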

Targets

    • Target

      b16c0c978e88e21604804a50400e46af

    • Size

      251KB

    • MD5

      b16c0c978e88e21604804a50400e46af

    • SHA1

      f2b408e552b0ca0d72a18651d8cf0a57cb21d806

    • SHA256

      7a380970e44dea7a579e0231b079e766cac89c1417022839f0161cb3638b37d1

    • SHA512

      8d7315ac35703fc49393b5ef76e4b4aea01f6c3870a74e426dec04a74e9ecdafa70758574954f2209780cd3bca1ee949c0c375e882120c36fd8ebf3be2e023a2

    • SSDEEP

      3072:ParzRJ+yBeZmZRhRsMwsM55WCoZOi3Cy+3+EwTlDdB9Qh/ZiwO6CKduHHls5z3qS:zyBGWs/sE5WR9H+hONdB9MZiwYvFa3o

    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
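The three behavioural signatures above (browser profile reads, wallet file access, Uninstall-key enumeration) describe what the sample does to the host, which is what host telemetry has to be matched against. The block below is an added example, not part of the sandbox report: it scores per-process registry queries and file reads from constructed EDR-style records (the field names `pid`, `image`, `type`, `target`, the process names and the five-subkey threshold are assumptions, not any product's schema). The browser store and wallet file names are the commonly known on-disk locations (Chromium `Login Data`/`Web Data`, Firefox `logins.json`/`key4.db`, Bitcoin Core `wallet.dat`), not paths taken from this sample.

```python
"""Fire the report's three behavioural signatures on constructed telemetry.

Added example; event schema, process names and thresholds are assumptions.
"""
from collections import defaultdict

# Registry path fragment present under both the native and WOW6432Node hives.
UNINSTALL_KEY = "\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
# Common browser credential stores (Chromium, Firefox); assumption, extend as needed.
BROWSER_STORES = ("\\Login Data", "\\Web Data", "\\logins.json", "\\key4.db")
# Common wallet locations; assumption, extend as needed.
WALLET_MARKERS = ("wallet.dat", "\\Exodus\\", "\\Electrum\\wallets\\", "\\Ethereum\\keystore\\")
# Distinct Uninstall subkeys before we call it software enumeration (tunable).
UNINSTALL_THRESHOLD = 5


def uninstall_subkey(path):
    """Return the Uninstall subkey name queried in a registry path, else None."""
    low = path.lower()
    i = low.find(UNINSTALL_KEY.lower())
    if i < 0:
        return None
    rest = path[i + len(UNINSTALL_KEY):]
    return rest.split("\\", 1)[0] or None


def summarize(events):
    """Group the observations the signatures care about by process id."""
    procs = defaultdict(lambda: {"image": None, "uninstall": set(),
                                 "browser": set(), "wallet": set()})
    for ev in events:
        p = procs[ev["pid"]]
        p["image"] = ev["image"]
        target = ev["target"]
        if ev["type"] == "registry_query":
            sk = uninstall_subkey(target)
            if sk:
                p["uninstall"].add(sk.lower())
        elif ev["type"] == "file_read":
            low = target.lower()
            if any(m.lower() in low for m in BROWSER_STORES):
                p["browser"].add(target)
            if any(m.lower() in low for m in WALLET_MARKERS):
                p["wallet"].add(target)
    return procs


def fired_signatures(events):
    """Return {pid: [signature names]} for processes that trip any signature."""
    out = {}
    for pid, p in summarize(events).items():
        sigs = []
        if len(p["uninstall"]) >= UNINSTALL_THRESHOLD:
            sigs.append("checks_installed_software")
        if p["browser"]:
            sigs.append("reads_browser_data")
        if p["wallet"]:
            sigs.append("accesses_crypto_wallets")
        if sigs:
            out[pid] = sigs
    return out


def _ev(pid, image, type_, target):
    return {"pid": pid, "image": image, "type": type_, "target": target}


U = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
W = "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
# Constructed telemetry: pid 4212 behaves like the sample, pid 1000 is benign.
SAMPLE_EVENTS = [
    _ev(4212, "sample.exe", "registry_query", U + "{A1B2C3D4}\\DisplayName"),
    _ev(4212, "sample.exe", "registry_query", U + "{E5F6A7B8}\\DisplayName"),
    _ev(4212, "sample.exe", "registry_query", U + "Google Chrome\\DisplayVersion"),
    _ev(4212, "sample.exe", "registry_query", U + "Mozilla Firefox 120.0 (x64 en-US)\\DisplayName"),
    _ev(4212, "sample.exe", "registry_query", W + "7-Zip\\DisplayName"),
    _ev(4212, "sample.exe", "registry_query", W + "{C9D0E1F2}\\DisplayName"),
    _ev(4212, "sample.exe", "file_read",
        "C:\\Users\\u\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    _ev(4212, "sample.exe", "file_read",
        "C:\\Users\\u\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ab12cd34.default\\logins.json"),
    _ev(4212, "sample.exe", "file_read", "C:\\Users\\u\\AppData\\Roaming\\Bitcoin\\wallet.dat"),
    _ev(1000, "explorer.exe", "registry_query", U + "Google Chrome\\DisplayIcon"),
    _ev(1000, "explorer.exe", "file_read", "C:\\Users\\u\\Documents\\notes.txt"),
]

if __name__ == "__main__":
    for pid, sigs in fired_signatures(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

A single Uninstall lookup (explorer.exe above) is normal desktop noise, which is why the enumeration signature counts distinct subkeys per process rather than firing on one query; the browser and wallet signatures fire on a single read because a non-browser process has no routine reason to open those files.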

MITRE ATT&CK Enterprise v15

Tasks