General

  • Target

    2c4977f3e2a61cbc7ecdeec43113b0b8

  • Size

    1.5MB

  • Sample

    231225-tqa2asdgfk

  • MD5

    2c4977f3e2a61cbc7ecdeec43113b0b8

  • SHA1

    d5621843ee81e14a956dd18f1f2e05e7867d200d

  • SHA256

    a806f8e113496f38ba62684288d9ca209797bb6776030d6834f19070676e31f3

  • SHA512

    a07d19212900d829f9d6f12e10319a431fc5be2b55c3ff480231738cc72229255ad00d38b90f75c81db0f844f91c963874e7d4ee5af0cfa6061dafda037a7666

  • SSDEEP

    24576:JBS3he1qY6VpPuM8fdxg7DAfp5pvN7s89TNpTl82qcDl43YwS2f81w:JBKe4xseip5TF1NH82qcx4Iwk

Malware Config

Extracted

Family

cryptbot

C2

ewafve51.top

morexn05.top

Attributes

  • payload_url

    http://winorm07.top/download.php?file=lv.exe

Targets

    • CryptBot

      A C++ stealer that is widely distributed bundled with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15