General
Target: 0a243f3bcd48078c69e5080e2c8cf1f0
Size: 1.7MB
Sample: 231224-wln4gaefd3
MD5: 0a243f3bcd48078c69e5080e2c8cf1f0
SHA1: 9046e28b04c31983df312e350286669b65b42b86
SHA256: 4e29ffe34787f37b5663c5700c6538420b25c8bced47e82364428ba94f0e454e
SHA512: b4a0e76e160465d5fd892bce6e25adab9cc968b079b818c0c423f9635970156517319d237a7984c38c7e08b01cc90b6b39f6ccfeb849a25a1b94ee10f598a0a5
SSDEEP: 49152:dOBb8KAbrZst6w7OXyG1L10faf6V3lQtMtLwTj:dOBQfZs0wiiGn0faiVVQtMqTj
Static task: static1
Behavioral task: behavioral1 (sample 0a243f3bcd48078c69e5080e2c8cf1f0.exe, resource win7-20231129-en)
Malware Config
Extracted family: cryptbot
C2: smadyi56.top, morzie05.top
payload_url: http://gurqfo07.top/download.php?file=lv.exe
Targets
Target: 0a243f3bcd48078c69e5080e2c8cf1f0
Size: 1.7MB
- CryptBot payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check. A geofenced sample may exit silently on a sandbox whose locale is on its exclusion list, so the behavior recorded here is tied to the win7-20231129-en resource it ran on.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
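As an added example, not part of the sandbox report: a small Python matcher that takes the hashes and the extracted CryptBot config above (the two domains treated as the C2 list, plus payload_url) and scans log lines for them. It compares hosts as exact domain or subdomain rather than by raw substring, so a look-alike such as notsmadyi56.top does not fire, and it matches the payload URL on host plus path so a query-string change does not evade it. The log lines, their field names and the helper names are constructed for the example.

```python
"""Added example (not part of the sandbox report): match the indicators
extracted above against log lines. Hosts are compared as exact domain or
subdomain, never as raw substrings, so look-alikes such as
'notsmadyi56.top' do not fire. Log lines are constructed, not real telemetry."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
IOCS = {
    "md5": "0a243f3bcd48078c69e5080e2c8cf1f0",
    "sha1": "9046e28b04c31983df312e350286669b65b42b86",
    "sha256": "4e29ffe34787f37b5663c5700c6538420b25c8bced47e82364428ba94f0e454e",
    "c2_domains": {"smadyi56.top", "morzie05.top"},  # assumed to be the C2 list
    "payload_url": "http://gurqfo07.top/download.php?file=lv.exe",
}

HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,64}\b")   # md5/sha1/sha256 hex digests
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)


def host_matches(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def match_line(line: str) -> set:
    """Return the names of all indicators present in one log line."""
    hits = set()
    for digest in HEX_RE.findall(line):
        for name in ("md5", "sha1", "sha256"):
            if digest.lower() == IOCS[name]:
                hits.add(name)
    payload = urlparse(IOCS["payload_url"])
    for url in URL_RE.findall(line):
        u = urlparse(url)
        if host_matches(u.hostname or "", payload.hostname) and u.path == payload.path:
            hits.add("payload_url")
    for host in HOST_RE.findall(line):
        if host_matches(host, payload.hostname):
            hits.add("payload_host")     # the host alone is still worth a look
        for domain in IOCS["c2_domains"]:
            if host_matches(host, domain):
                hits.add("c2:" + domain)
    return hits


def scan(lines):
    """Return (line_index, sorted indicator names) for every line that hits."""
    results = []
    for i, line in enumerate(lines):
        hits = match_line(line)
        if hits:
            results.append((i, sorted(hits)))
    return results


def hashes_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, for checking a file against the report."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def is_reported_sample(data: bytes) -> bool:
    """True only if the blob's SHA256 equals the report's SHA256."""
    return hashes_of(data)["sha256"] == IOCS["sha256"]


# Constructed log lines (DNS, proxy and EDR style); not real telemetry.
SAMPLE_LOGS = [
    "2023-12-24T10:01:02Z dns client=10.0.0.5 query=smadyi56.top type=A",
    "2023-12-24T10:01:03Z proxy client=10.0.0.5 url=http://gurqfo07.top/download.php?file=lv.exe status=200",
    "2023-12-24T10:01:05Z edr image=0a243f3bcd48078c69e5080e2c8cf1f0.exe sha256=4e29ffe34787f37b5663c5700c6538420b25c8bced47e82364428ba94f0e454e",
    "2023-12-24T10:02:00Z dns client=10.0.0.7 query=notsmadyi56.top type=A",
    "2023-12-24T10:02:10Z dns client=10.0.0.7 query=cdn.morzie05.top type=A",
    "2023-12-24T10:03:00Z edr image=explorer.exe sha256=" + "ab" * 32,
]

if __name__ == "__main__":
    for idx, names in scan(SAMPLE_LOGS):
        print(idx, names)
    print(is_reported_sample(b"not the sample"))
```

The SSDEEP value from the report is deliberately left out of the matcher: fuzzy hashes need a comparison library (ssdeep bindings) and a similarity threshold, and an exact-string match on them is meaningless.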