General
-
Target
50c296575066f87cac60995fc36f2283
-
Size
1.5MB
-
Sample
240110-rer5bsgggn
-
MD5
50c296575066f87cac60995fc36f2283
-
SHA1
0f058485c10dbd26312f71ad60319bc97362a914
-
SHA256
e29a9d4153912e41bbd5afc00aa90e7612107708fe59ac05c1d9e8b184a254c5
-
SHA512
e3f352aee496bca5b7c37fc80ca2c3fd52d5cb190d51da5e62d4aa2a9bc2ea9a7aa3a8f0f8f45d94056f97289f03b6aedb8d1f7844c590df815dfa043acb8bee
-
SSDEEP
24576:c5rTNMBS+/dlYP2z9FEI/TXN8ad8XjzqKrhSEqcG0EUNvb8zkQXXc/3lLwiPb:6NoS+/QP2JFZTXN8/qe80EYgkQ8NLwi
Static task
static1
Behavioral task
behavioral1
Sample
50c296575066f87cac60995fc36f2283.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
50c296575066f87cac60995fc36f2283.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
Family
cryptbot
C2
ewavmp35.top
morxeg03.top
-
payload_url
http://winxob04.top/download.php?file=lv.exe
Targets
-
-
Target
50c296575066f87cac60995fc36f2283
Score
10/10
-
CryptBot payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
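The extracted config and the behavioral signatures above give a hunter four things to look for on endpoints: the sample's hashes, the two C2 domains and the payload host from the config, the dropped payload name (lv.exe) and a Run key write for persistence. The script below, which is an added example and not part of the Triage report or any vendor's tooling, checks Sysmon-style events against those indicators. The events it scans are constructed sample records following Sysmon's field names (EventID 1, 3, 13 and 22), not real telemetry. The "Checks installed software" behavior is a registry read of the Uninstall key and Sysmon does not log registry reads, so that signature is observable in the sandbox but not in this telemetry and has no rule here.

```python
"""Hunt the indicators from this CryptBot report in Sysmon-style telemetry.

Added example for this page, not code from the Triage report. The events
in SAMPLE_EVENTS are constructed, not real logs; field names follow the
Sysmon event schema but every value is made up for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from the report's Malware Config and hash sections.
C2_DOMAINS = {"ewavmp35.top", "morxeg03.top"}
PAYLOAD_URL = "http://winxob04.top/download.php?file=lv.exe"
PAYLOAD_HOST = urlsplit(PAYLOAD_URL).hostname          # winxob04.top
PAYLOAD_FILE = PAYLOAD_URL.rsplit("=", 1)[-1].lower()  # lv.exe
SAMPLE_SHA256 = "e29a9d4153912e41bbd5afc00aa90e7612107708fe59ac05c1d9e8b184a254c5"
SAMPLE_MD5 = "50c296575066f87cac60995fc36f2283"

WATCHED_HOSTS = C2_DOMAINS | {PAYLOAD_HOST}

# Sysmon writes registry paths with backslashes; these markers catch autorun
# value writes under HKCU/HKLM ...\CurrentVersion\Run and \RunOnce.
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


@dataclass(frozen=True)
class Hit:
    rule: str
    detail: str


def parse_sysmon_hashes(field: str) -> dict[str, str]:
    """Parse Sysmon's 'SHA256=...,MD5=...' Hashes string; values lowercased."""
    out: dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def check_event(ev: dict) -> list[Hit]:
    """Return the report indicators matched by one Sysmon-style event dict."""
    hits: list[Hit] = []
    eid = ev.get("EventID")

    if eid == 1:  # process creation: the sample itself or its dropped payload
        hashes = parse_sysmon_hashes(ev.get("Hashes", ""))
        image = ev.get("Image", "")
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            hits.append(Hit("sample_hash", image))
        if image.lower().rsplit("\\", 1)[-1] == PAYLOAD_FILE:
            hits.append(Hit("dropped_payload_name", image))

    elif eid == 13:  # registry value set: "Adds Run key to start application"
        target = ev.get("TargetObject", "")
        if any(m in target.lower() for m in RUN_KEY_MARKERS):
            hits.append(Hit("run_key_persistence", target))

    elif eid == 22:  # DNS query for a C2 or payload host from the config
        name = ev.get("QueryName", "").lower().rstrip(".")
        if name in WATCHED_HOSTS:
            hits.append(Hit("c2_dns", name))

    elif eid == 3:  # network connection to a C2 or payload host
        name = ev.get("DestinationHostname", "").lower().rstrip(".")
        if name in WATCHED_HOSTS:
            hits.append(Hit("c2_connect", name))

    return hits


def scan(events) -> list[Hit]:
    """Run check_event over a sequence of events and flatten the hits."""
    return [h for ev in events for h in check_event(ev)]


# Constructed sample telemetry (not real logs); exercises every rule plus two
# benign events that must not match (an Uninstall key write, a normal DNS query).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\u\\Downloads\\50c296575066f87cac60995fc36f2283.exe",
     "Hashes": "SHA256=E29A9D4153912E41BBD5AFC00AA90E7612107708FE59AC05C1D9E8B184A254C5,"
               "MD5=50C296575066F87CAC60995FC36F2283"},
    {"EventID": 22, "QueryName": "ewavmp35.top"},
    {"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows"
                                    "\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\u\\AppData\\Roaming\\lv.exe"},
    {"EventID": 3, "DestinationHostname": "winxob04.top"},
    {"EventID": 1, "Image": "C:\\Users\\u\\AppData\\Roaming\\lv.exe",
     "Hashes": "MD5=00000000000000000000000000000000"},
    {"EventID": 13, "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows"
                                    "\\CurrentVersion\\Uninstall\\Foo\\DisplayName"},
    {"EventID": 22, "QueryName": "example.com"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit.rule:22s} {hit.detail}")
```

The hash rule only catches this exact build; CryptBot is repacked frequently, so in practice the Run key write and the DNS/connection rules for the config domains are the durable indicators, and the filename rule is the weakest of the five since lv.exe is trivially renamed.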