General

  • Target

    1d3dea03b5b6ac3d33d6ed8dc17b2bfa

  • Size

    1.4MB

  • Sample

    231225-aw1dlabgcq

  • MD5

    1d3dea03b5b6ac3d33d6ed8dc17b2bfa

  • SHA1

    01dea95fe21170dae1f4e4b61e2150969160f963

  • SHA256

    86b0e49b72f426259ed49b272ae4bd28f51ce18b16d6cc6b4a40fa1a95ae8a7a

  • SHA512

    1de19553816b49a1549ec1d2062654feed785e02119fe4bd19ce0a7f38359c7be2646f31b25921a97a055c4ab80219e988ccb51986c7be4612bad6c400a9fdc6

  • SSDEEP

    24576:BPEls9gxVWMKvWMDxlou6LE9x+slOZ3uxrRcK1cnq+eeuLy4FdiNm/Ua/z4efh1f:BPElXo1vC+x0yCK8eJ5qNm/Ua/z4efho

Malware Config

Extracted

  • Family

    cryptbot

  • C2

    ewabpl55.top
    morexn05.top

  • Attributes

    payload_url: http://winorm07.top/download.php?file=lv.exe

Targets

    • Target

      1d3dea03b5b6ac3d33d6ed8dc17b2bfa

    • CryptBot

      A C++ stealer widely distributed in bundles with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
