General

  • Target

    335f90c29d9255fa1239707c5beb9600

  • Size

    1.4MB

  • Sample

    231231-m2p62abad3

  • MD5

    335f90c29d9255fa1239707c5beb9600

  • SHA1

    9fd4fe27fb41c97bd3288c29fc30af778302443c

  • SHA256

    5a1a8ce59103a53a79bab7db80b55ade80805711dad05d3e974d8f252bf53e2b

  • SHA512

    1df0f37f8014865fc7a4caf1c3335a355a17679fab612a30f82dcac87184be9f395b0060b95cef84a41b2a554834306171395e46c6d7e55a9c95ffdee254b765

  • SSDEEP

    24576:nfTe/ii2PVr6CtkgXpfWwRzyT3oDv3x0JkG8mmJFsPIhQRfVmaRFE2RxC0hkH:f2ii2Nr6afXVW4OT3CvymVr6DRf4aPE4

Malware Config

Extracted

Family

cryptbot

C2

ewazqx71.top

moraiw07.top

Attributes
  • payload_url

    http://winfyn10.top/download.php?file=lv.exe

Targets

    • Target

      335f90c29d9255fa1239707c5beb9600

    • Size

      1.4MB

    • MD5

      335f90c29d9255fa1239707c5beb9600

    • SHA1

      9fd4fe27fb41c97bd3288c29fc30af778302443c

    • SHA256

      5a1a8ce59103a53a79bab7db80b55ade80805711dad05d3e974d8f252bf53e2b

    • SHA512

      1df0f37f8014865fc7a4caf1c3335a355a17679fab612a30f82dcac87184be9f395b0060b95cef84a41b2a554834306171395e46c6d7e55a9c95ffdee254b765

    • SSDEEP

      24576:nfTe/ii2PVr6CtkgXpfWwRzyT3oDv3x0JkG8mmJFsPIhQRfVmaRFE2RxC0hkH:f2ii2Nr6afXVW4OT3CvymVr6DRf4aPE4

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks