General

  • Target

    3906bd87156d29380e32e4aa14cdb61a

  • Size

    612KB

  • Sample

    231231-rb6tbacbg7

  • MD5

    3906bd87156d29380e32e4aa14cdb61a

  • SHA1

    46bae4add1c9a9c1816a3b762d9dd13a5dd102b8

  • SHA256

    199bbc42e66411fd345d097585df9bddba75ff75d0b927fc27d1259348f49793

  • SHA512

    d372f762d8e5753575682dbbae023657d474a0d8382298dc1f46d82588c0f5677e3c37750eabed5240c52b2223d6163e2bbee9757b4b2f68708b74ca81f07a58

  • SSDEEP

    12288:BR/Myxywm00uwkZLMWfc6CcCuG3jz7nWiYeA1wdtavtVPNZMFOi2:gyxywRe49C9uGnWiT3Ef

Malware Config

Extracted

Family

cryptbot

C2

knudin72.top

moreag07.top

Attributes
  • payload_url

    http://sarafc10.top/download.php?file=lv.exe

Targets

    • Target

      3906bd87156d29380e32e4aa14cdb61a

    • Size

      612KB

    • MD5

      3906bd87156d29380e32e4aa14cdb61a

    • SHA1

      46bae4add1c9a9c1816a3b762d9dd13a5dd102b8

    • SHA256

      199bbc42e66411fd345d097585df9bddba75ff75d0b927fc27d1259348f49793

    • SHA512

      d372f762d8e5753575682dbbae023657d474a0d8382298dc1f46d82588c0f5677e3c37750eabed5240c52b2223d6163e2bbee9757b4b2f68708b74ca81f07a58

    • SSDEEP

      12288:BR/Myxywm00uwkZLMWfc6CcCuG3jz7nWiYeA1wdtavtVPNZMFOi2:gyxywRe49C9uGnWiT3Ef

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks