General

  • Target

    f23000a51a7ac80b39bab71e83c3983a.exe

  • Size

    1.5MB

  • Sample

    240109-w5s7jaffar

  • MD5

    f23000a51a7ac80b39bab71e83c3983a

  • SHA1

    647a3ce6cfc9e4a4f5c952678d8c7bda038a14f5

  • SHA256

    bd7020c913d0170d15354c8e693a4b2469d2332768ef477c702bd1c51e41887c

  • SHA512

    e7193498cea1d3a56a4a207c3f94aff45b591d4dc95b2ba67830a1252dd79560b63c8abdb36216f90e74fae22123c38f82b606953551ca54f1b015ca987ee7f3

  • SSDEEP

    24576:VyEptD7sRjWDFtr9xE8OoNTtfvJeqkIftCstIt2J5CNmfh8+IED471iuejTya:jZARsFtrTRbdtw4tC0LkyqED4xiuej

Malware Config

Extracted

Family

cryptbot

C2

ewaqfe45.top

morjau04.top

Attributes

  • payload_url

    http://winhaf05.top/download.php?file=lv.exe

Targets


    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application
