General

Target: 1d3dea03b5b6ac3d33d6ed8dc17b2bfa
Size: 1.4MB
Sample: 231225-aw1dlabgcq
MD5: 1d3dea03b5b6ac3d33d6ed8dc17b2bfa
SHA1: 01dea95fe21170dae1f4e4b61e2150969160f963
SHA256: 86b0e49b72f426259ed49b272ae4bd28f51ce18b16d6cc6b4a40fa1a95ae8a7a
SHA512: 1de19553816b49a1549ec1d2062654feed785e02119fe4bd19ce0a7f38359c7be2646f31b25921a97a055c4ab80219e988ccb51986c7be4612bad6c400a9fdc6
SSDEEP: 24576:BPEls9gxVWMKvWMDxlou6LE9x+slOZ3uxrRcK1cnq+eeuLy4FdiNm/Ua/z4efh1f:BPElXo1vC+x0yCK8eJ5qNm/Ua/z4efho
Static task: static1

Behavioral task: behavioral1
Sample: 1d3dea03b5b6ac3d33d6ed8dc17b2bfa.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 1d3dea03b5b6ac3d33d6ed8dc17b2bfa.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted family: cryptbot
C2: ewabpl55.top
C2: morexn05.top
payload_url: http://winorm07.top/download.php?file=lv.exe
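The two C2 domains and the payload URL from the extracted config, together with the file hashes above, are the indicators a responder would hunt for. The following Python is an added example and not part of the sandbox report: it matches the report's indicators against constructed Zeek-style DNS and proxy-style access log lines (the log formats, client IPs, timestamps and benign hosts are assumptions), treats subdomains of a C2 domain as hits while rejecting look-alike names such as notmorexn05.top, and checks a file's digests against the report so that a sample can be confirmed before analysis.

```python
"""Hunt for the indicators in the report above.

Added example, not part of the sandbox report. The indicator values are
taken from the report; the log formats, hosts and timestamps below are
constructed for illustration.
"""
import hashlib
from urllib.parse import urlparse

# From the extracted CryptBot config.
C2_DOMAINS = {"ewabpl55.top", "morexn05.top"}
PAYLOAD_URL = "http://winorm07.top/download.php?file=lv.exe"
# From the report's hash block (SHA512 and SSDEEP omitted for brevity).
KNOWN_HASHES = {
    "md5": "1d3dea03b5b6ac3d33d6ed8dc17b2bfa",
    "sha1": "01dea95fe21170dae1f4e4b61e2150969160f963",
    "sha256": "86b0e49b72f426259ed49b272ae4bd28f51ce18b16d6cc6b4a40fa1a95ae8a7a",
}

# Constructed Zeek-like dns.log excerpt: ts, source IP, dest port, query, qtype.
DNS_LOG = """\
1703462400.1 10.0.0.5 53 morexn05.top A
1703462401.3 10.0.0.5 53 www.ewabpl55.top A
1703462402.7 10.0.0.9 53 example.com A
1703462403.0 10.0.0.9 53 notmorexn05.top A
"""

# Constructed proxy access log excerpt: ts, source IP, method, URL, status, bytes.
PROXY_LOG = """\
1703462410.2 10.0.0.5 GET http://winorm07.top/download.php?file=lv.exe 200 1468006
1703462411.5 10.0.0.9 GET http://example.com/index.html 200 512
1703462412.8 10.0.0.7 GET http://cdn.morexn05.top/x.php 404 0
"""


def ioc_domains():
    """C2 domains plus the host of the payload URL, lowercased."""
    hosts = set(C2_DOMAINS)
    hosts.add(urlparse(PAYLOAD_URL).hostname)
    return {h.lower() for h in hosts}


def domain_matches(name, iocs):
    """True if name is an IOC domain or a subdomain of one (not a look-alike)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in iocs)


def scan_dns(log_text):
    """Return (source IP, query) for every query that hits an IOC domain."""
    iocs = ioc_domains()
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        src, qname = parts[1], parts[3]
        if domain_matches(qname, iocs):
            hits.append((src, qname))
    return hits


def scan_proxy(log_text):
    """Return (source IP, URL, reason); the exact payload URL outranks a domain hit."""
    iocs = ioc_domains()
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        src, url = parts[1], parts[3]
        if url == PAYLOAD_URL:
            hits.append((src, url, "payload_url"))
        elif domain_matches(urlparse(url).hostname or "", iocs):
            hits.append((src, url, "c2_domain"))
    return hits


def check_sample(data):
    """Return the hash algorithms whose digest of data matches the report."""
    return sorted(
        algo for algo, digest in KNOWN_HASHES.items()
        if hashlib.new(algo, data).hexdigest() == digest
    )


if __name__ == "__main__":
    print(scan_dns(DNS_LOG))
    print(scan_proxy(PROXY_LOG))
    print(check_sample(b"constructed bytes, not the sample"))
```

Suffix matching on a leading dot is what keeps notmorexn05.top out while still catching cdn.morexn05.top; matching on the bare substring would produce the false positive. Check the hashes on the file you actually have before trusting the rest of the report applies to it.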
Targets

Target: 1d3dea03b5b6ac3d33d6ed8dc17b2bfa
Size: 1.4MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the General section above.)
Score: 10/10

- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
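The last two signatures are registry behaviours, and only one of them shows up in standard host telemetry. The Run-key write is recorded by Sysmon as Event ID 13 (RegistryEvent, value set) with the key path in TargetObject and the command in Details. The Uninstall-key lookup is a read, and Sysmon's registry events (12 key create/delete, 13 value set, 14 rename) do not record reads, so that behaviour is visible in a sandbox API trace but not here. The following Python is an added example and not part of the report: it flags Run and RunOnce value writes in constructed Sysmon-shaped XML events (image paths, SIDs and value names are hypothetical), ranks hits whose command points into a user-writable directory higher, and ignores benign look-alike keys such as Explorer\RunMRU.

```python
"""Flag Run-key persistence in Sysmon registry events.

Added example, not part of the sandbox report. The events below are
constructed in the shape of Sysmon Event ID 13 (RegistryEvent, value set)
XML; the process names, paths and SIDs are hypothetical.
"""
import re
import xml.etree.ElementTree as ET

# Autostart keys written by the "Adds Run key to start application" behaviour.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)
# User-writable directories where a freshly dropped payload usually lives.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|AppData\\Roaming|AppData\\Local|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)

# Constructed events. The first carries the Sysmon namespace to show it is handled.
EVENTS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>13</EventID></System>
  <EventData>
    <Data Name="Image">C:\Users\alice\AppData\Local\Temp\dropped.exe</Data>
    <Data Name="TargetObject">HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater</Data>
    <Data Name="Details">C:\Users\alice\AppData\Local\Temp\dropped.exe</Data>
  </EventData>
</Event>""",
    r"""<Event>
  <System><EventID>13</EventID></System>
  <EventData>
    <Data Name="Image">C:\Program Files\Vendor\setup.exe</Data>
    <Data Name="TargetObject">HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray</Data>
    <Data Name="Details">C:\Program Files\Vendor\tray.exe</Data>
  </EventData>
</Event>""",
    r"""<Event>
  <System><EventID>12</EventID></System>
  <EventData>
    <Data Name="Image">C:\Windows\explorer.exe</Data>
    <Data Name="TargetObject">HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows\CurrentVersion\Run</Data>
  </EventData>
</Event>""",
    r"""<Event>
  <System><EventID>13</EventID></System>
  <EventData>
    <Data Name="Image">C:\Windows\explorer.exe</Data>
    <Data Name="TargetObject">HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a</Data>
    <Data Name="Details">notepad\1</Data>
  </EventData>
</Event>""",
]


def _local(tag):
    """Strip an XML namespace: '{ns}Data' -> 'Data'."""
    return tag.rsplit("}", 1)[-1]


def parse_event(xml_text):
    """Flatten one Sysmon event into {'EventID': int, <Data Name>: text}."""
    fields = {}
    for el in ET.fromstring(xml_text).iter():
        name = _local(el.tag)
        if name == "EventID":
            fields["EventID"] = int(el.text)
        elif name == "Data" and el.get("Name"):
            fields[el.get("Name")] = el.text or ""
    return fields


def classify(fields):
    """Return (severity, image, value name, command) for a Run-key write, else None."""
    if fields.get("EventID") != 13:
        return None
    m = RUN_KEY_RE.search(fields.get("TargetObject", ""))
    if not m:
        return None
    image, details = fields.get("Image", ""), fields.get("Details", "")
    # A Run value pointing into a user-writable directory is the typical dropper pattern.
    high = USER_WRITABLE_RE.search(details) or USER_WRITABLE_RE.search(image)
    return ("high" if high else "medium", image, m.group("name"), details)


def scan_events(events):
    """Classify every event and keep the Run-key hits, in input order."""
    return [h for h in (classify(parse_event(e)) for e in events) if h]


if __name__ == "__main__":
    for hit in scan_events(EVENTS):
        print(hit)
```

Anchoring the pattern on the full `\CurrentVersion\Run\<value>` path, rather than on the substring "Run", is what separates a real autostart write from the constant churn of Explorer\RunMRU and similar keys; the user-writable-directory check is a severity hint, not a filter, since legitimate installers also write Run values.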