General

  • Target

    3436bc5cb6d4783a01dbfac2504343cb

  • Size

    559KB

  • Sample

    231231-nh5caafgh4

  • MD5

    3436bc5cb6d4783a01dbfac2504343cb

  • SHA1

    ab90b850b9eb00a034b5cbdce8c2a5abdd04b132

  • SHA256

    0491af1e13f4b5d1725e5320e15d5aa0470d726418da43c6d08706d2f978d5ab

  • SHA512

    2cccffb89620206653a8a48f28bebd6e62a85008346638809e743eccb40dd65058c837598a5e61fb5fdf1b62934672271c19499a4ff78b5321eaa5eac3c13eab

  • SSDEEP

    12288:7KO7xpz80l/qX/nXut0dvnEUXrGvceCZwTsvsQ:9tqPn+t0dHrIceCZw

Malware Config

Extracted

Family

cryptbot

C2

haiezf32.top

morcyr03.top

Attributes
  • payload_url

    http://zelstb04.top/download.php?file=lv.exe

Targets

    • Target

      3436bc5cb6d4783a01dbfac2504343cb

    • Size

      559KB

    • MD5

      3436bc5cb6d4783a01dbfac2504343cb

    • SHA1

      ab90b850b9eb00a034b5cbdce8c2a5abdd04b132

    • SHA256

      0491af1e13f4b5d1725e5320e15d5aa0470d726418da43c6d08706d2f978d5ab

    • SHA512

      2cccffb89620206653a8a48f28bebd6e62a85008346638809e743eccb40dd65058c837598a5e61fb5fdf1b62934672271c19499a4ff78b5321eaa5eac3c13eab

    • SSDEEP

      12288:7KO7xpz80l/qX/nXut0dvnEUXrGvceCZwTsvsQ:9tqPn+t0dHrIceCZw

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks