General
Target: 335f90c29d9255fa1239707c5beb9600
Size: 1.4MB
Sample: 231231-m2p62abad3
MD5: 335f90c29d9255fa1239707c5beb9600
SHA1: 9fd4fe27fb41c97bd3288c29fc30af778302443c
SHA256: 5a1a8ce59103a53a79bab7db80b55ade80805711dad05d3e974d8f252bf53e2b
SHA512: 1df0f37f8014865fc7a4caf1c3335a355a17679fab612a30f82dcac87184be9f395b0060b95cef84a41b2a554834306171395e46c6d7e55a9c95ffdee254b765
SSDEEP: 24576:nfTe/ii2PVr6CtkgXpfWwRzyT3oDv3x0JkG8mmJFsPIhQRfVmaRFE2RxC0hkH:f2ii2Nr6afXVW4OT3CvymVr6DRf4aPE4
Static task: static1
Behavioral task: behavioral1
  Sample: 335f90c29d9255fa1239707c5beb9600.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 335f90c29d9255fa1239707c5beb9600.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: cryptbot
Domains: ewazqx71.top, moraiw07.top
payload_url: http://winfyn10.top/download.php?file=lv.exe
Targets
Target: 335f90c29d9255fa1239707c5beb9600 (1.4MB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
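The extracted config and the behaviours listed above can be turned directly into host-side detection logic. The Python below is an added example, not part of the sandbox report and not code from the sample: it walks constructed Sysmon-style events (ProcessCreate 1, ImageLoad 7, RegistryEvent 13, DnsQuery 22) and reports the same behaviours the sandbox flagged. The two domains and the payload URL are the ones extracted above; the dropped file names, SID, user name and the assumption that dropped files land under a Temp directory are mine.

```python
"""Triage Sysmon-style events against the CryptBot indicators from the report.

Added example: the event records below are constructed, not captured from the
sample, and the drop paths / file names are assumptions.
"""
import re
from urllib.parse import urlparse

# Indicators taken from the extracted config.
CRYPTBOT_DOMAINS = {"ewazqx71.top", "moraiw07.top"}
PAYLOAD_URL = "http://winfyn10.top/download.php?file=lv.exe"
PAYLOAD_HOST = urlparse(PAYLOAD_URL).hostname  # "winfyn10.top"

# Assumption: dropped files land under a Temp directory in the sandbox.
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# Run / RunOnce autostart values (HKLM or HKU hives).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

SAMPLE_IMAGE = r"C:\Users\user\Desktop\335f90c29d9255fa1239707c5beb9600.exe"
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\lv.exe"      # assumed name
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\dropped.dll"  # assumed name

# Constructed Sysmon-like events, in the order a detonation might produce them.
EVENTS = [
    {"EventID": 1, "Image": SAMPLE_IMAGE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 22, "Image": SAMPLE_IMAGE, "QueryName": "ewazqx71.top"},
    {"EventID": 22, "Image": SAMPLE_IMAGE, "QueryName": "winfyn10.top"},
    {"EventID": 1, "Image": DROPPED_EXE, "ParentImage": SAMPLE_IMAGE},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 13, "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Run\lv",
     "Details": DROPPED_EXE},
    # Benign noise that must not be flagged.
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe", "QueryName": "update.microsoft.com"},
]


def _matches_domain(qname, domains):
    """True if qname equals one of `domains` or is a subdomain of one."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in domains)


def triage(events):
    """Return a list of (rule_name, evidence) findings in event order."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1 and TEMP_DIR_RE.search(ev.get("Image", "")):
            findings.append(("executes_dropped_exe", ev["Image"]))
        elif eid == 7 and TEMP_DIR_RE.search(ev.get("ImageLoaded", "")):
            findings.append(("loads_dropped_dll", ev["ImageLoaded"]))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append(("run_key_persistence",
                             f'{ev["TargetObject"]} = {ev.get("Details", "")}'))
        elif eid == 22:
            q = ev.get("QueryName", "")
            if _matches_domain(q, CRYPTBOT_DOMAINS):
                findings.append(("cryptbot_c2_domain", q.lower()))
            elif _matches_domain(q, {PAYLOAD_HOST}):
                findings.append(("cryptbot_payload_host", q.lower()))
    return findings


def verdict(findings):
    """Collapse findings to a label: config IOC hit => cryptbot, else by count."""
    names = {name for name, _ in findings}
    if names & {"cryptbot_c2_domain", "cryptbot_payload_host"}:
        return "cryptbot"
    if len(names) >= 2:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    hits = triage(EVENTS)
    for name, evidence in hits:
        print(f"{name:24} {evidence}")
    print("verdict:", verdict(hits))
```

Sysmon records registry value writes, not reads, so the Uninstall-key enumeration the sandbox reported is invisible to rule 13 above; observing it needs a read-auditing source such as the kernel registry ETW provider or an EDR. The DNS rules are the strongest signal here because they come straight from the extracted config; the Temp-path rules are generic and will fire on legitimate installers, so treat them as corroboration rather than a verdict on their own.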