General

  • Target

    52f166f6aeb75858dc1b2eddd57874f8

  • Size

    690KB

  • Sample

    240111-jls17scga5

  • MD5

    52f166f6aeb75858dc1b2eddd57874f8

  • SHA1

    b99cb20cc175ba699844410fe8848a2ddb710290

  • SHA256

    0ff144c6195170469fe4c678d394adf47a4d7b7e0c5a00d7282d284fe973bcb6

  • SHA512

    d5c2cbdc69a9e129d458aa6bd78c225ed230f102fa26c1b490b1f216feb88199a64d3666bd2f69c58888a6d7ca04773bcaf8e5be366df18bfb52566f12297a85

  • SSDEEP

    12288:qbZo5lhbUW+GqckAI951TSKa9xz37WNbr4gn1N1ebk9fb/C80K1Y9N2W:f53gSPTKNp1Tx/CR9N

Malware Config

Extracted

Family

cryptbot

C2

ewafal62.top

moruat06.top

Attributes
  • payload_url

    http://winazr08.top/download.php?file=lv.exe

Targets

    • Target

      52f166f6aeb75858dc1b2eddd57874f8


    • CryptBot

      A C++ stealer that is widely distributed bundled with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks