General
Target: 52f166f6aeb75858dc1b2eddd57874f8
Size: 690KB
Sample: 240111-jls17scga5
MD5: 52f166f6aeb75858dc1b2eddd57874f8
SHA1: b99cb20cc175ba699844410fe8848a2ddb710290
SHA256: 0ff144c6195170469fe4c678d394adf47a4d7b7e0c5a00d7282d284fe973bcb6
SHA512: d5c2cbdc69a9e129d458aa6bd78c225ed230f102fa26c1b490b1f216feb88199a64d3666bd2f69c58888a6d7ca04773bcaf8e5be366df18bfb52566f12297a85
SSDEEP: 12288:qbZo5lhbUW+GqckAI951TSKa9xz37WNbr4gn1N1ebk9fb/C80K1Y9N2W:f53gSPTKNp1Tx/CR9N
Static task: static1
Behavioral task: behavioral1
Sample: 52f166f6aeb75858dc1b2eddd57874f8.exe
Resource: win7-20231215-en
Malware Config
Extracted
cryptbot
ewafal62.top
moruat06.top
payload_url: http://winazr08.top/download.php?file=lv.exe
Targets
CryptBot payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.