General
- Target: 01dff24348b7f75a6aee0b7e559c589d
- Size: 1.7MB
- Sample: 231225-dmbknagfg5
- MD5: 01dff24348b7f75a6aee0b7e559c589d
- SHA1: cf444d7254b692f5c463ff493428539a2739269a
- SHA256: 47645d9d542514f8130edba34dda2664a0f8c402e249d5ffc1a047b45c58ae0c
- SHA512: c33489549f04491a07ba3147d0de420495cd06d6d1229ea831d66a8b433637de12449d5b15eb5051c41e3abed103682b207e5f65e9ac5a95dc63016d45238ea2
- SSDEEP: 49152:7xncOOOJdVBqDSjmWiKtWtNSm9JM/E5Ru7vn+2YYG:1cOOOJvBESuNSi2KqLY9
Static task
- static1

Behavioral task
- behavioral1
- Sample: 01dff24348b7f75a6aee0b7e559c589d.exe
- Resource: win7-20231215-en

Behavioral task
- behavioral2
- Sample: 01dff24348b7f75a6aee0b7e559c589d.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted
- Family: cryptbot
- C2: ewamcd41.top
- C2: morjau04.top
- payload_url: http://winhaf05.top/download.php?file=lv.exe
Targets
- Target: 01dff24348b7f75a6aee0b7e559c589d
- Size: 1.7MB
- MD5: 01dff24348b7f75a6aee0b7e559c589d
- SHA1: cf444d7254b692f5c463ff493428539a2739269a
- SHA256: 47645d9d542514f8130edba34dda2664a0f8c402e249d5ffc1a047b45c58ae0c
- SHA512: c33489549f04491a07ba3147d0de420495cd06d6d1229ea831d66a8b433637de12449d5b15eb5051c41e3abed103682b207e5f65e9ac5a95dc63016d45238ea2
- SSDEEP: 49152:7xncOOOJdVBqDSjmWiKtWtNSm9JM/E5Ru7vn+2YYG:1cOOOJvBESuNSi2KqLY9
Score: 10/10
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.