General
-
Target
3436bc5cb6d4783a01dbfac2504343cb
-
Size
559KB
-
Sample
231231-nh5caafgh4
-
MD5
3436bc5cb6d4783a01dbfac2504343cb
-
SHA1
ab90b850b9eb00a034b5cbdce8c2a5abdd04b132
-
SHA256
0491af1e13f4b5d1725e5320e15d5aa0470d726418da43c6d08706d2f978d5ab
-
SHA512
2cccffb89620206653a8a48f28bebd6e62a85008346638809e743eccb40dd65058c837598a5e61fb5fdf1b62934672271c19499a4ff78b5321eaa5eac3c13eab
-
SSDEEP
12288:7KO7xpz80l/qX/nXut0dvnEUXrGvceCZwTsvsQ:9tqPn+t0dHrIceCZw
Static task
static1
Behavioral task
behavioral1
Sample
3436bc5cb6d4783a01dbfac2504343cb.exe
Resource
win7-20231215-en
Malware Config
Extracted
cryptbot
haiezf32.top
morcyr03.top
-
payload_url
http://zelstb04.top/download.php?file=lv.exe
Targets
-
-
Target
3436bc5cb6d4783a01dbfac2504343cb
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-