General

  • Target

    01dff24348b7f75a6aee0b7e559c589d

  • Size

    1.7MB

  • Sample

    231224-r3jsvshadj

  • MD5

    01dff24348b7f75a6aee0b7e559c589d

  • SHA1

    cf444d7254b692f5c463ff493428539a2739269a

  • SHA256

    47645d9d542514f8130edba34dda2664a0f8c402e249d5ffc1a047b45c58ae0c

  • SHA512

    c33489549f04491a07ba3147d0de420495cd06d6d1229ea831d66a8b433637de12449d5b15eb5051c41e3abed103682b207e5f65e9ac5a95dc63016d45238ea2

  • SSDEEP

    49152:7xncOOOJdVBqDSjmWiKtWtNSm9JM/E5Ru7vn+2YYG:1cOOOJvBESuNSi2KqLY9

Malware Config

Extracted

Family

cryptbot

C2

ewamcd41.top

morjau04.top

Attributes
  • payload_url

    http://winhaf05.top/download.php?file=lv.exe

Targets

    • Target

      01dff24348b7f75a6aee0b7e559c589d

    • Size

      1.7MB

    • MD5

      01dff24348b7f75a6aee0b7e559c589d

    • SHA1

      cf444d7254b692f5c463ff493428539a2739269a

    • SHA256

      47645d9d542514f8130edba34dda2664a0f8c402e249d5ffc1a047b45c58ae0c

    • SHA512

      c33489549f04491a07ba3147d0de420495cd06d6d1229ea831d66a8b433637de12449d5b15eb5051c41e3abed103682b207e5f65e9ac5a95dc63016d45238ea2

    • SSDEEP

      49152:7xncOOOJdVBqDSjmWiKtWtNSm9JM/E5Ru7vn+2YYG:1cOOOJvBESuNSi2KqLY9

    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks