General

  • Target

    2fa9185ceeb1d25e8bde77a4cf3f70d4

  • Size

    750KB

  • Sample

    231231-kq132sefb3

  • MD5

    2fa9185ceeb1d25e8bde77a4cf3f70d4

  • SHA1

    8106940df3869cbea44a8221a6ac313c054090b0

  • SHA256

    d4036c235fca73a67732d884564991184b7a8ea148784f0cd70fa07adbd8e160

  • SHA512

    2f0845ce6d19abf16300ffb599fc2b90f150114031e9cea21050792d302a5714108b1bdf42fa8ca499d2c3834e8dd7281e0a0dd3836b06e06f596e278d74ac5e

  • SSDEEP

    12288:SpeJF5qwAux8iLen10DKWU2T94IAvhvQ6EIobNILiqUZXhaDZXHfhFN:t5qwA84EKWU2x29Qp0Oha1XHx

Malware Config

Extracted

  • Family

    cryptbot

  • C2

    smarew72.top

    moriwi07.top

  • Attributes

    payload_url

    http://guruzo10.top/download.php?file=lv.exe

Targets

    • Target

      2fa9185ceeb1d25e8bde77a4cf3f70d4

    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks