General

  • Target

    6ec80a2e8194a457f2f555506986e490

  • Size

    610KB

  • Sample

    231226-pqr8csbgdp

  • MD5

    6ec80a2e8194a457f2f555506986e490

  • SHA1

    d561118b72aa3852bfd1f53d9813cd4c2fa8d50e

  • SHA256

    48ab70d33532409f5394c271fe0fba6234b15b36584234d5b595b9791972bec1

  • SHA512

    d142eab913e11d339c5f38603a98e84414f4dc71d0ad2a9e53b8a90486782313530955af22c3f222c2392e75c62c3b22dba653bc7071658c8713e2f9f109c4a1

  • SSDEEP

    12288:saPvmpW5Iq67dFPV75v9RUxz6hPuGnq/HETpnAnBvRmH88nKLw9:sSmpW5Indhve6hr0HETpnAnmznl9

Malware Config

Extracted

Family

cryptbot

C2

ewayab32.top

morxeg03.top

Attributes

  • payload_url

    http://winxob04.top/download.php?file=lv.exe

Targets

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

MITRE ATT&CK Enterprise v15

Tasks