General
Target: 2c4977f3e2a61cbc7ecdeec43113b0b8
Size: 1.5MB
Sample: 231225-tqa2asdgfk
MD5: 2c4977f3e2a61cbc7ecdeec43113b0b8
SHA1: d5621843ee81e14a956dd18f1f2e05e7867d200d
SHA256: a806f8e113496f38ba62684288d9ca209797bb6776030d6834f19070676e31f3
SHA512: a07d19212900d829f9d6f12e10319a431fc5be2b55c3ff480231738cc72229255ad00d38b90f75c81db0f844f91c963874e7d4ee5af0cfa6061dafda037a7666
SSDEEP: 24576:JBS3he1qY6VpPuM8fdxg7DAfp5pvN7s89TNpTl82qcDl43YwS2f81w:JBKe4xseip5TF1NH82qcx4Iwk
Static task: static1
Behavioral task: behavioral1
  Sample: 2c4977f3e2a61cbc7ecdeec43113b0b8.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2c4977f3e2a61cbc7ecdeec43113b0b8.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: cryptbot
Domains: ewafve51.top, morexn05.top
payload_url: http://winorm07.top/download.php?file=lv.exe
Targets
Target: 2c4977f3e2a61cbc7ecdeec43113b0b8 (the same file as under General)
Score: 10/10
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
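Added example, not part of the sandbox report: a small Python hunt that turns the indicators on this page (the two extracted config domains, the payload_url and the sample's SHA256) and the Run-key persistence behaviour flagged above into match logic and runs it over constructed log lines. The pipe-separated log format, the client IPs, file paths, SID and process names are assumptions made for the example; only the indicator values come from the report. It generalizes slightly beyond the page by matching subdomains of the config domains, any URL on the payload host (so a changed file= parameter still hits), and RunOnce as well as Run.

```python
"""Hunt for this report's CryptBot indicators in constructed log lines.

Indicator values (domains, payload_url, SHA256) are from the report;
log format, hosts, paths and SIDs below are constructed for the example.
"""
import re
from urllib.parse import urlparse

# Indicators taken from the report's extracted config and hash list.
CONFIG_DOMAINS = {"ewafve51.top", "morexn05.top"}
PAYLOAD_URL = "http://winorm07.top/download.php?file=lv.exe"
SAMPLE_SHA256 = "a806f8e113496f38ba62684288d9ca209797bb6776030d6834f19070676e31f3"

# Derived: the payload host is an indicator on its own, so a changed path
# or query string on the same host still matches.
PAYLOAD_HOST = urlparse(PAYLOAD_URL).hostname  # winorm07.top
WATCH_DOMAINS = CONFIG_DOMAINS | {PAYLOAD_HOST}

# Registry target paths for Run / RunOnce persistence (Sysmon-style
# TargetObject strings, assumed format for this example).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def match_domain(host):
    """True if host is a watched domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCH_DOMAINS)


def hunt(lines):
    """Return (kind, line) hits. Line format (assumed): source|field|field..."""
    hits = []
    for line in lines:
        src, *fields = line.strip().split("|")
        if len(fields) < 2:
            continue
        if src == "dns":                     # dns|client|query
            if match_domain(fields[1]):
                hits.append(("c2_dns", line))
        elif src == "proxy":                 # proxy|client|url
            url = fields[1]
            if url == PAYLOAD_URL:
                hits.append(("payload_url", line))
            elif match_domain(urlparse(url).hostname or ""):
                hits.append(("c2_http", line))
        elif src == "filehash":              # filehash|path|sha256
            if fields[1].lower() == SAMPLE_SHA256:
                hits.append(("sample_hash", line))
        elif src == "registry":              # registry|process|target_object
            if RUN_KEY_RE.search(fields[1]):
                hits.append(("run_key_persistence", line))
    return hits


def summarize(hits):
    """Count hits per indicator kind."""
    counts = {}
    for kind, _ in hits:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample log; the SID, paths and dropped.exe name are made up.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
CONSTRUCTED_LOG = [
    "dns|10.0.0.5|ewafve51.top",
    "dns|10.0.0.5|update.microsoft.com",
    "dns|10.0.0.7|cdn.morexn05.top",
    "proxy|10.0.0.5|http://winorm07.top/download.php?file=lv.exe",
    "proxy|10.0.0.5|http://winorm07.top/download.php?file=other.exe",
    "proxy|10.0.0.5|https://www.example.com/",
    "filehash|C:\\Users\\u\\Downloads\\2c4977f3e2a61cbc7ecdeec43113b0b8.exe|"
    + SAMPLE_SHA256.upper(),
    "registry|C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe|HKU\\" + SID
    + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "registry|C:\\Windows\\explorer.exe|HKU\\" + SID
    + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
]

if __name__ == "__main__":
    found = hunt(CONSTRUCTED_LOG)
    for kind, line in found:
        print(f"{kind:22s} {line}")
    print(summarize(found))
```

Six of the nine constructed lines hit: two DNS lookups (one via a subdomain), the exact payload URL, a second URL on the payload host, the sample hash in a different case, and the Run-key write; the unrelated DNS, proxy and Explorer registry lines do not. Keep the hash match for the original dropper only: lv.exe fetched from payload_url is a second-stage file whose hash this report does not give.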