General
Target: 0717b0716f92e0312ed1ef6e175a91ce
Size: 1.7MB
Sample: 231225-fwc6ysedb8
MD5: 0717b0716f92e0312ed1ef6e175a91ce
SHA1: 034c08e32001d6d8f9d8938989c7141b172c97a5
SHA256: 040dbcbaa8017799c3f0e383ab3a12b996048c6fcf8b78e43ddb091e8d10b8ad
SHA512: 264b3f794e1420d78892bedaac30443d4ae781f0e3955c7e2e5a60cf8f206947fbcb9e7a21e579bd0b5b5bd2b0982936f7a36e5ec3ed215d5b9664423ab91815
SSDEEP: 49152:QJrVFFTlF5YGpMt+Au1cT/3YrO1eoAxV8I2v2a:QJrHFdbAlDIHoI3
Static task: static1
Behavioral task: behavioral1
  Sample: 0717b0716f92e0312ed1ef6e175a91ce.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0717b0716f92e0312ed1ef6e175a91ce.exe
  Resource: win10v2004-20231222-en
Malware Config
Extracted: cryptbot
smajug75.top
moriwi07.top
payload_url: http://guruzo10.top/download.php?file=lv.exe
Targets
Score: 10/10
- CryptBot payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.