cryptbot

General

Target

28723c8476963fb39f5cbb3f894db81c
Size

3.3MB
Sample

231231-e8v2vsfba7
MD5

28723c8476963fb39f5cbb3f894db81c
SHA1

4c7be150576f8411c94d145b153aaf33db8930e6
SHA256

4571cb6a42768d962b83472fd0e0069e56df5e005f15c1479f046bdf65dece1a
SHA512

21a92d643fd88b5190d475c1aa893d890098c9d60f8a196d89d77a9286e531b3c8d6f699b150be1c3373f64161f9443fac8bae6de0fb4ed78211c52be76f22e6
SSDEEP

98304:yjgyUoRdfCLLHEGrHjikGE09vh6vJ7MZkuT:yj6oRAFrHjME09aJdk

Score

10^/10

Malware Config

Extracted

Family

nullmixer

C2

http://marisana.xyz/

Extracted

Family

smokeloader

Botnet

pub6

Extracted

Family

redline

Botnet

pab3

C2

185.215.113.15:61506

Extracted

Family

vidar

Version

40

Botnet

706

C2

https://lenak513.tumblr.com/

Attributes

profile_id
706

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Extracted

Family

cryptbot

C2

knudqw18.top

morzku01.top

Attributes

payload_url
http://saryek01.top/download.php?file=lv.exe

Targets

- Target
  
  28723c8476963fb39f5cbb3f894db81c
- Size
  
  3.3MB
- MD5
  
  28723c8476963fb39f5cbb3f894db81c
- SHA1
  
  4c7be150576f8411c94d145b153aaf33db8930e6
- SHA256
  
  4571cb6a42768d962b83472fd0e0069e56df5e005f15c1479f046bdf65dece1a
- SHA512
  
  21a92d643fd88b5190d475c1aa893d890098c9d60f8a196d89d77a9286e531b3c8d6f699b150be1c3373f64161f9443fac8bae6de0fb4ed78211c52be76f22e6
- SSDEEP
  
  98304:yjgyUoRdfCLLHEGrHjikGE09vh6vJ7MZkuT:yj6oRAFrHjME09aJdk
Score

10^/10

cryptbot nullmixer privateloader redline sectoprat smokeloader vidar 706 pab3 pub6 aspackv2 backdoor dropper infostealer loader rat spyware stealer trojan
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot payload
- NullMixer
  NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
  dropper nullmixer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

CryptBot payload

NullMixer

PrivateLoader

RedLine

RedLine payload

SectopRAT

SectopRAT payload

SmokeLoader

Vidar

Vidar Stealer

ASPack v2.12-2.42

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2