General
Target: 1313db05f0d346735901409c9744fbb2
Size: 1.7MB
Sample: 231225-kq5fgaefd2
MD5: 1313db05f0d346735901409c9744fbb2
SHA1: 8f453f22996b0d64d5f4308e4d0a3f12741bb5af
SHA256: d57c28e05a2924cf8113320efa41d79bcedd8d327f51de7e364a5cb984453290
SHA512: 70b244da56efc533a8e80161b1c152b96f5f34fd4e7e6abe8a9e19ade9b0f4578e10cf9312c20d37a4eac68c75de47f2f1f1c17cde6a86a69b231d974ab030ab
SSDEEP: 49152:Kkj/p1Vid8TS3RGL3vgSwVd7Tuoqo+EeZM:Zhni+mBGTvtwLvuoqlM
Static task: static1
Behavioral task: behavioral1
  Sample: 1313db05f0d346735901409c9744fbb2.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 1313db05f0d346735901409c9744fbb2.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: cryptbot
ewadgz11.top
morvay01.top
payload_url: http://winezo01.top/download.php?file=lv.exe
Targets
Target: 1313db05f0d346735901409c9744fbb2
Size: 1.7MB
MD5: 1313db05f0d346735901409c9744fbb2
SHA1: 8f453f22996b0d64d5f4308e4d0a3f12741bb5af
SHA256: d57c28e05a2924cf8113320efa41d79bcedd8d327f51de7e364a5cb984453290
SHA512: 70b244da56efc533a8e80161b1c152b96f5f34fd4e7e6abe8a9e19ade9b0f4578e10cf9312c20d37a4eac68c75de47f2f1f1c17cde6a86a69b231d974ab030ab
SSDEEP: 49152:Kkj/p1Vid8TS3RGL3vgSwVd7Tuoqo+EeZM:Zhni+mBGTvtwLvuoqlM
Score: 10/10
- CryptBot payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.