General

  • Target

    8434835aa84653edea3d33e1b5b31b98

  • Size

    1.5MB

  • Sample

    231226-w4xhkafgar

  • MD5

    8434835aa84653edea3d33e1b5b31b98

  • SHA1

    4b172c6d0e1de7723c3f1f0657a485e0e498f289

  • SHA256

    b3c673f83a5acafdea6d995ee24e6a180f5123cccf8d4d30f6e3b51cadbabd95

  • SHA512

    a10a54ef6d95a89cbc6008216f7f80da554b90ac8de839f19ac367b293a0fca0c0aa10b4fe8851387f34a4cc605f4039e82dc0676ab33f44bf4567e863a7b5d8

  • SSDEEP

    24576:VEHC0rfWIHRL9KPqs4+2Bjo6Ln30ovGO4P5rIxtiwF+cVrO8CDXlQi:L0jJHqPqsnUU6L30qGOgrIiwFq1Q

Malware Config

Extracted

Family

cryptbot

C2

ewaqfe45.top

morjau04.top

Attributes
  • payload_url

    http://winhaf05.top/download.php?file=lv.exe

Targets

    • Target

      8434835aa84653edea3d33e1b5b31b98

    • Size

      1.5MB

    • MD5

      8434835aa84653edea3d33e1b5b31b98

    • SHA1

      4b172c6d0e1de7723c3f1f0657a485e0e498f289

    • SHA256

      b3c673f83a5acafdea6d995ee24e6a180f5123cccf8d4d30f6e3b51cadbabd95

    • SHA512

      a10a54ef6d95a89cbc6008216f7f80da554b90ac8de839f19ac367b293a0fca0c0aa10b4fe8851387f34a4cc605f4039e82dc0676ab33f44bf4567e863a7b5d8

    • SSDEEP

      24576:VEHC0rfWIHRL9KPqs4+2Bjo6Ln30ovGO4P5rIxtiwF+cVrO8CDXlQi:L0jJHqPqsnUU6L30qGOgrIiwFq1Q

    • CryptBot

      A C++ stealer distributed widely in bundles with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks