General

  • Target

    55c61c75644d75f6db561a8fb294876b

  • Size

    630KB

  • Sample

    240112-hme1ascaf7

  • MD5

    55c61c75644d75f6db561a8fb294876b

  • SHA1

    26c72345b1d08ca1f2078f071674dfd01610e313

  • SHA256

    0274cb61fea6621c4d2d7eced3bfc1fbf14d890024cc19a9e1c694693547a06b

  • SHA512

    8d52eea1b91249299e7e0abb754e4e2c26e1cdde755602926b24515d32c2d759b82a63a4dc42da209355b498de4232137d1e024a2706ce596d82f89a074eec8f

  • SSDEEP

    12288:VCGapkxc+9mXC7/KXw2cmLRs7ILVkwSxtafqaE:P4icGmu/KXjcmzLVkwaafq

Malware Config

Extracted

Family

cryptbot

C2

ewakyc72.top

moraiw07.top

Attributes
  • payload_url

    http://winfyn10.top/download.php?file=lv.exe

Targets

    • Target

      55c61c75644d75f6db561a8fb294876b

    • Size

      630KB

    • MD5

      55c61c75644d75f6db561a8fb294876b

    • SHA1

      26c72345b1d08ca1f2078f071674dfd01610e313

    • SHA256

      0274cb61fea6621c4d2d7eced3bfc1fbf14d890024cc19a9e1c694693547a06b

    • SHA512

      8d52eea1b91249299e7e0abb754e4e2c26e1cdde755602926b24515d32c2d759b82a63a4dc42da209355b498de4232137d1e024a2706ce596d82f89a074eec8f

    • SSDEEP

      12288:VCGapkxc+9mXC7/KXw2cmLRs7ILVkwSxtafqaE:P4icGmu/KXjcmzLVkwaafq

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks