General

Target: 350d886a144175863ceed4fb8d7b0169
Size: 1.4MB
Sample: 231231-nzpyxscdg6
MD5: 350d886a144175863ceed4fb8d7b0169
SHA1: ed6103720d1bf439bc1fceec666a9f5c688681c6
SHA256: 776755ae4c35c3d48837ed063af2048359eb7a37abddb0157e766a66caf10395
SHA512: 08b3deaab958b1958d2561711c1d6e6276792a3c30cf334c3403cb3931080279d2ccafeb402f7921ade29caf65b28b54f21325de22df3f2df5e6d039dc98623f
SSDEEP: 24576:2gZodD1T96h1TiPNS8y9OJlRpyqWCqZLTLrbQZH7VK:QOzTiPNxy9upqJJLcHB
Static task: static1

Behavioral task: behavioral1
Sample: 350d886a144175863ceed4fb8d7b0169.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 350d886a144175863ceed4fb8d7b0169.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted
Family: cryptbot
Domains: haijwd23.top, morqoi02.top
payload_url: http://zelpdo03.top/download.php?file=lv.exe
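The extracted config is only useful once it is turned into a check that can run over telemetry. The following is an added example, not part of the sandbox report: it takes the two domains, the payload URL and the MD5/SHA256 from this page as indicators, matches DNS query names and proxy URLs against them (subdomains included, trailing dots and case normalised, and without a naive substring match that would fire on unrelated hosts), and compares a file's digests with the sample's. The log-line formats and the log lines themselves are constructed for illustration and are not real telemetry.

```python
"""Turn the extracted CryptBot config above into a detection check.

Added example, not part of the sandbox report. The domains, payload URL
and hashes are the ones the report lists; the log-line formats and the
log lines themselves are CONSTRUCTED for illustration only.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators taken from the report's extracted config and hash table.
C2_DOMAINS = {"haijwd23.top", "morqoi02.top"}
PAYLOAD_URL = "http://zelpdo03.top/download.php?file=lv.exe"
SAMPLE_HASHES = {
    "md5": "350d886a144175863ceed4fb8d7b0169",
    "sha256": "776755ae4c35c3d48837ed063af2048359eb7a37abddb0157e766a66caf10395",
}


def ioc_domains():
    """Domains worth alerting on: the config domains plus the payload host."""
    return C2_DOMAINS | {urlparse(PAYLOAD_URL).hostname}


def match_indicator(name, indicators):
    """Return the indicator that `name` equals or is a subdomain of, else None.

    Case and a trailing dot (as DNS logs often record) are normalised,
    and a plain substring match is deliberately NOT used, so that a host
    like notmorqoi02.top does not trigger on morqoi02.top.
    """
    name = name.lower().rstrip(".")
    for d in indicators:
        if name == d or name.endswith("." + d):
            return d
    return None


# Hypothetical log formats used by the constructed lines below:
#   DNS:   <timestamp> <client-ip> query <qname>
#   Proxy: <timestamp> <client-ip> <GET|POST> <url> <status>
DNS_LINE = re.compile(r"^(\S+) (\S+) query (\S+)$")
PROXY_LINE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def scan_lines(lines, indicators=None):
    """Return (client_ip, matched_indicator, raw_line) for every hit."""
    indicators = indicators if indicators is not None else ioc_domains()
    hits = []
    for line in lines:
        m = DNS_LINE.match(line)
        if m:
            _, client, qname = m.groups()
            hit = match_indicator(qname, indicators)
            if hit:
                hits.append((client, hit, line))
            continue
        m = PROXY_LINE.match(line)
        if m:
            _, client, _, url, _ = m.groups()
            hit = match_indicator(urlparse(url).hostname or "", indicators)
            if hit:
                hits.append((client, hit, line))
    return hits


def hash_matches(data):
    """Compare a file's digests with the report's MD5/SHA256 of the sample."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_HASHES["md5"],
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_HASHES["sha256"],
    }


# Constructed log lines (not real telemetry); cdn.haijwd23.top is an
# invented subdomain used only to exercise the subdomain match.
SAMPLE_LOGS = [
    "2023-12-31T10:00:01Z 10.0.0.15 query haijwd23.top.",
    "2023-12-31T10:00:02Z 10.0.0.15 query www.example.com.",
    "2023-12-31T10:00:03Z 10.0.0.22 GET http://zelpdo03.top/download.php?file=lv.exe 200",
    "2023-12-31T10:00:04Z 10.0.0.22 POST https://morqoi02.top/ 200",
    "2023-12-31T10:00:05Z 10.0.0.30 query notmorqoi02.top",
    "2023-12-31T10:00:06Z 10.0.0.15 query cdn.haijwd23.top",
]

if __name__ == "__main__":
    for client, ioc, line in scan_lines(SAMPLE_LOGS):
        print(f"{client} -> {ioc}: {line}")
```

On the constructed lines this reports four hits from two clients (10.0.0.15 and 10.0.0.22) and correctly ignores both www.example.com and the look-alike notmorqoi02.top. Matching on the registrable indicator rather than the raw query name also lets the subdomain query collapse onto the same indicator as the apex lookup, which is what you want when pivoting from a hit back to this report.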
Targets
Target: 350d886a144175863ceed4fb8d7b0169 (1.4MB; hashes as listed under General)
Score: 10/10

Signatures:
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.