General
Target: f23000a51a7ac80b39bab71e83c3983a
Size: 1.5MB
Sample: 231228-x38pwagch9
MD5: f23000a51a7ac80b39bab71e83c3983a
SHA1: 647a3ce6cfc9e4a4f5c952678d8c7bda038a14f5
SHA256: bd7020c913d0170d15354c8e693a4b2469d2332768ef477c702bd1c51e41887c
SHA512: e7193498cea1d3a56a4a207c3f94aff45b591d4dc95b2ba67830a1252dd79560b63c8abdb36216f90e74fae22123c38f82b606953551ca54f1b015ca987ee7f3
SSDEEP: 24576:VyEptD7sRjWDFtr9xE8OoNTtfvJeqkIftCstIt2J5CNmfh8+IED471iuejTya:jZARsFtrTRbdtw4tC0LkyqED4xiuej
Static task: static1
Behavioral task: behavioral1
  Sample: f23000a51a7ac80b39bab71e83c3983a.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: f23000a51a7ac80b39bab71e83c3983a.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: cryptbot
ewaqfe45.top
morjau04.top
payload_url: http://winhaf05.top/download.php?file=lv.exe
Targets
Target: f23000a51a7ac80b39bab71e83c3983a
Score: 10/10
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.