General

  • Target

    350d886a144175863ceed4fb8d7b0169

  • Size

    1.4MB

  • Sample

    231231-nzpyxscdg6

  • MD5

    350d886a144175863ceed4fb8d7b0169

  • SHA1

    ed6103720d1bf439bc1fceec666a9f5c688681c6

  • SHA256

    776755ae4c35c3d48837ed063af2048359eb7a37abddb0157e766a66caf10395

  • SHA512

    08b3deaab958b1958d2561711c1d6e6276792a3c30cf334c3403cb3931080279d2ccafeb402f7921ade29caf65b28b54f21325de22df3f2df5e6d039dc98623f

  • SSDEEP

    24576:2gZodD1T96h1TiPNS8y9OJlRpyqWCqZLTLrbQZH7VK:QOzTiPNxy9upqJJLcHB

Malware Config

Extracted

Family

cryptbot

C2

haijwd23.top

morqoi02.top

Attributes
  • payload_url

    http://zelpdo03.top/download.php?file=lv.exe
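The C2 domains and payload URL above are the indicators a defender would first sweep proxy and DNS logs for. The script below is an added example, not part of the sandbox report: it matches the report's two C2 domains (including subdomains), the exact payload URL and its host against a small, constructed proxy log, and checks a file's hashes against the sample's MD5/SHA256. The log format (`timestamp src method url`) is an assumption for the example.

```python
"""Hunt for the CryptBot indicators from this report in proxy/DNS-style logs.
Added example: the log lines below are constructed, not sandbox output."""
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above.
C2_DOMAINS = {"haijwd23.top", "morqoi02.top"}
PAYLOAD_URL = "http://zelpdo03.top/download.php?file=lv.exe"
PAYLOAD_HOST = urlparse(PAYLOAD_URL).hostname          # zelpdo03.top
SAMPLE_SHA256 = "776755ae4c35c3d48837ed063af2048359eb7a37abddb0157e766a66caf10395"
SAMPLE_MD5 = "350d886a144175863ceed4fb8d7b0169"

# Constructed proxy log (assumed format: "<timestamp> <src-ip> <method> <url>").
PROXY_LOG = """\
2023-12-31T10:00:01Z 10.0.0.5 GET http://example.com/index.html
2023-12-31T10:00:07Z 10.0.0.5 GET http://zelpdo03.top/download.php?file=lv.exe
2023-12-31T10:00:09Z 10.0.0.5 POST http://haijwd23.top/gate.php
2023-12-31T10:00:12Z 10.0.0.9 GET http://cdn.example.net/lib.js
2023-12-31T10:00:15Z 10.0.0.5 POST http://sub.morqoi02.top/gate.php
"""


def host_matches(host, domains):
    """True if host equals one of the domains or is a subdomain of one.
    Case-insensitive; a trailing dot (FQDN form in DNS logs) is ignored."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def find_network_hits(log_text):
    """Return (timestamp, src, indicator_type, host) for every matching line."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _method, url = line.split(maxsplit=3)
        host = urlparse(url).hostname or ""
        if url == PAYLOAD_URL:
            hits.append((ts, src, "payload_url", host))
        elif host_matches(host, {PAYLOAD_HOST}):
            hits.append((ts, src, "payload_host", host))
        elif host_matches(host, C2_DOMAINS):
            hits.append((ts, src, "c2", host))
    return hits


def hash_bytes(data):
    """MD5/SHA1/SHA256 of a file's contents, as the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data):
    """True if the bytes hash to the sample in this report (SHA256 preferred;
    MD5 kept only because many older blocklists still carry it)."""
    h = hash_bytes(data)
    return h["sha256"] == SAMPLE_SHA256 or h["md5"] == SAMPLE_MD5


if __name__ == "__main__":
    for hit in find_network_hits(PROXY_LOG):
        print(hit)
```

Matching on the host rather than the raw URL string is deliberate: the payload filename (`lv.exe`) and query string can change between campaigns, while the domains usually live longer, and the subdomain check catches `sub.morqoi02.top` without also matching unrelated names that merely end in the same letters.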

Targets

    • CryptBot

      A C++ infostealer, widely distributed bundled with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
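The four behaviours above (browser profile reads, wallet file access, a Run key for persistence, and Uninstall key enumeration) are all visible as file and registry operations. The script below is an added example, not the sandbox's own logic: it classifies a constructed Procmon-style CSV export against those behaviours. Procmon-style events are used rather than Sysmon because Sysmon records registry value writes (event 13) but not reads, so the Uninstall key lookups would not appear there. The column names, paths and the threshold of three distinct Uninstall subkeys are assumptions for the example.

```python
"""Score Procmon-style events against the CryptBot behaviours in this report.
Added example: the CSV below is constructed, not the sandbox's output."""
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon CSV export (assumed columns and paths).
EVENTS_CSV = r"""Time of Day,Process Name,PID,Operation,Path,Result
10:00:01.001,lv.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:00:01.002,lv.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\DisplayName,SUCCESS
10:00:01.003,lv.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName,SUCCESS
10:00:01.004,lv.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName,SUCCESS
10:00:01.010,lv.exe,4120,CreateFile,C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data,SUCCESS
10:00:01.011,lv.exe,4120,CreateFile,C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies,SUCCESS
10:00:01.012,lv.exe,4120,CreateFile,C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json,NAME NOT FOUND
10:00:01.020,lv.exe,4120,CreateFile,C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet,NAME NOT FOUND
10:00:01.021,lv.exe,4120,CreateFile,C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco,NAME NOT FOUND
10:00:01.030,lv.exe,4120,RegSetValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lv,SUCCESS
10:00:01.040,explorer.exe,1234,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,SUCCESS
"""

# (rule name, operations that count, case-insensitive path regex)
RULES = [
    ("persistence_run_key", {"RegSetValue"},
     r"\\CurrentVersion\\Run\\"),
    ("browser_credential_access", {"CreateFile", "ReadFile"},
     r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$"),
    ("crypto_wallet_access", {"CreateFile", "ReadFile"},
     r"\\(Exodus|Electrum|Ethereum|Bitcoin|Armory|Jaxx)\\|wallet\.dat$"),
]
# Captures the per-application subkey name under the Uninstall key.
UNINSTALL_SUBKEY = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
ENUMERATION_THRESHOLD = 3   # distinct subkeys read before we call it enumeration


def parse_procmon_csv(text):
    return list(csv.DictReader(io.StringIO(text)))


def classify(events):
    """Map (process, pid) -> {rule: [paths]} for every behaviour observed."""
    findings = defaultdict(lambda: defaultdict(list))
    uninstall_subkeys = defaultdict(set)
    for ev in events:
        proc = (ev["Process Name"], ev["PID"])
        for name, ops, pattern in RULES:
            if ev["Operation"] in ops and re.search(pattern, ev["Path"], re.I):
                findings[proc][name].append(ev["Path"])
        m = UNINSTALL_SUBKEY.search(ev["Path"])
        if m and ev["Operation"].startswith("Reg"):
            uninstall_subkeys[proc].add(m.group(1))
    # A single Uninstall lookup is normal; reading many subkeys is enumeration.
    for proc, keys in uninstall_subkeys.items():
        if len(keys) >= ENUMERATION_THRESHOLD:
            findings[proc]["software_enumeration"] = sorted(keys)
    return findings


def report(text):
    """Flatten findings to {"process:pid": {rule: [...]}} for easy display."""
    return {f"{p[0]}:{p[1]}": dict(v) for p, v in classify(parse_procmon_csv(text)).items()}


if __name__ == "__main__":
    for proc, rules in report(EVENTS_CSV).items():
        print(proc, {name: len(paths) for name, paths in rules.items()})
```

Note that the wallet and Firefox opens return NAME NOT FOUND in the constructed data; the access attempt itself is the signal, which is why the rules key on the operation and path rather than on the result column.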

MITRE ATT&CK Enterprise v15

Tasks