General
-
Target
55c61c75644d75f6db561a8fb294876b
-
Size
630KB
-
Sample
240112-hme1ascaf7
-
MD5
55c61c75644d75f6db561a8fb294876b
-
SHA1
26c72345b1d08ca1f2078f071674dfd01610e313
-
SHA256
0274cb61fea6621c4d2d7eced3bfc1fbf14d890024cc19a9e1c694693547a06b
-
SHA512
8d52eea1b91249299e7e0abb754e4e2c26e1cdde755602926b24515d32c2d759b82a63a4dc42da209355b498de4232137d1e024a2706ce596d82f89a074eec8f
-
SSDEEP
12288:VCGapkxc+9mXC7/KXw2cmLRs7ILVkwSxtafqaE:P4icGmu/KXjcmzLVkwaafq
Static task
static1
Behavioral task
behavioral1
Sample
55c61c75644d75f6db561a8fb294876b.exe
Resource
win7-20231129-en
Malware Config
Extracted
cryptbot
ewakyc72.top
moraiw07.top
-
payload_url
http://winfyn10.top/download.php?file=lv.exe
Targets
-
-
Target
55c61c75644d75f6db561a8fb294876b
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-