General
-
Target
519a5e8618177c423039f4e5c47aa27a
-
Size
653KB
-
Sample
240110-zsfx8ahba4
-
MD5
519a5e8618177c423039f4e5c47aa27a
-
SHA1
734edb3abad541d4236a41fd9f4d06cc36c3b29c
-
SHA256
656dd9e677ea4da1892f14f0b38ca7d989d6d8a07d1ce3d1675cf2ff1b030653
-
SHA512
8dd6542c8c6e26e781035d22eb511325f43f2ddf9a575b245987509c211c3c4b58e6e950d2196e1c7b7754bdc1603f3f2cb9bb1fffc792e14a101e35def7f31f
-
SSDEEP
12288:ZcTh83Cp4M6Ujub6eDbLCnzm4WIUPH1L8MeKQA7mNjSRd:ZZ3CpowahIUFXezmRd
Static task
static1
Behavioral task
behavioral1
Sample
519a5e8618177c423039f4e5c47aa27a.exe
Resource
win7-20231215-en
Malware Config
Extracted
cryptbot
lyssen62.top
morwaf06.top
-
payload_url
http://damliq08.top/download.php?file=lv.exe
Targets
-
-
Target
519a5e8618177c423039f4e5c47aa27a
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-