General

  • Target: 0a243f3bcd48078c69e5080e2c8cf1f0
  • Size: 1.7MB
  • Sample: 231224-wln4gaefd3
  • MD5: 0a243f3bcd48078c69e5080e2c8cf1f0
  • SHA1: 9046e28b04c31983df312e350286669b65b42b86
  • SHA256: 4e29ffe34787f37b5663c5700c6538420b25c8bced47e82364428ba94f0e454e
  • SHA512: b4a0e76e160465d5fd892bce6e25adab9cc968b079b818c0c423f9635970156517319d237a7984c38c7e08b01cc90b6b39f6ccfeb849a25a1b94ee10f598a0a5
  • SSDEEP: 49152:dOBb8KAbrZst6w7OXyG1L10faf6V3lQtMtLwTj:dOBQfZs0wiiGn0faiVVQtMqTj

Malware Config

Extracted

  • Family: cryptbot
  • C2: smadyi56.top, morzie05.top
  • Attributes
    • payload_url: http://gurqfo07.top/download.php?file=lv.exe

Targets

    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • CryptBot payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
