General

  • Target

    519a5e8618177c423039f4e5c47aa27a

  • Size

    653KB

  • Sample

    240110-zsfx8ahba4

  • MD5

    519a5e8618177c423039f4e5c47aa27a

  • SHA1

    734edb3abad541d4236a41fd9f4d06cc36c3b29c

  • SHA256

    656dd9e677ea4da1892f14f0b38ca7d989d6d8a07d1ce3d1675cf2ff1b030653

  • SHA512

    8dd6542c8c6e26e781035d22eb511325f43f2ddf9a575b245987509c211c3c4b58e6e950d2196e1c7b7754bdc1603f3f2cb9bb1fffc792e14a101e35def7f31f

  • SSDEEP

    12288:ZcTh83Cp4M6Ujub6eDbLCnzm4WIUPH1L8MeKQA7mNjSRd:ZZ3CpowahIUFXezmRd

Malware Config

Extracted

Family

cryptbot

C2

lyssen62.top

morwaf06.top

Attributes
  • payload_url

    http://damliq08.top/download.php?file=lv.exe

Targets

    • Target

      519a5e8618177c423039f4e5c47aa27a

    • Size

      653KB

    • MD5

      519a5e8618177c423039f4e5c47aa27a

    • SHA1

      734edb3abad541d4236a41fd9f4d06cc36c3b29c

    • SHA256

      656dd9e677ea4da1892f14f0b38ca7d989d6d8a07d1ce3d1675cf2ff1b030653

    • SHA512

      8dd6542c8c6e26e781035d22eb511325f43f2ddf9a575b245987509c211c3c4b58e6e950d2196e1c7b7754bdc1603f3f2cb9bb1fffc792e14a101e35def7f31f

    • SSDEEP

      12288:ZcTh83Cp4M6Ujub6eDbLCnzm4WIUPH1L8MeKQA7mNjSRd:ZZ3CpowahIUFXezmRd

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks