General

  • Target

    d666cd8c7f42cac1deb6f454fafdb554

  • Size

    3.0MB

  • Sample

    231222-sn9w6safd7

  • MD5

    d666cd8c7f42cac1deb6f454fafdb554

  • SHA1

    316c62d28993c34c73116ea45df2f3a6fae409ba

  • SHA256

    395ca42195bb7e32851fdbb30ff6386f3f89a590a491333d8c77f7a3c11b7a41

  • SHA512

    62ee47f255257e3608c8c21cfd13c2debc19056cc2aee163538b6b4317a08dbeba8bd40eda1ec7e07372a19f5404a1b084af603cb2afdf75edbbc2646202047d

  • SSDEEP

    98304:KUyCvKnx68W2l1vcwrfczCVXU2KAxZ25zYBi8:KUkx68dlnCCHZq78

Malware Config

Extracted

Family

cryptbot

C2

fokjzu65.top

morhaq06.top

Attributes

  • payload_url

    http://nybloc09.top/download.php?file=lv.exe

Targets

    • CryptBot

      A C++ stealer, widely distributed in bundles with other software.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks