General

  • Target

    6393577eccbb54f677ff7dd65c984807

  • Size

    3.0MB

  • Sample

    240117-zncp1afab8

  • MD5

    6393577eccbb54f677ff7dd65c984807

  • SHA1

    5020ec827081c486c32af374473d96ce5f4f30de

  • SHA256

    fb7f48daa45730568caa82cfa74c3c3a16130d2428ccef71eb266daa4146efde

  • SHA512

    81e6e3b90072454e6497e1622b6d43371ca3c43cb5a073364b9f9db1c85866b1b9614f56c0b5c970b456cba7ffd0a7e8ce490649ec189c52d234b5e7e68a6d28

  • SSDEEP

    49152:hU6pv81VrL49dOdL4hE+oQ2OkCe2OtIcm+H2w6JFqtEI8X3nUywRve:C6pJ9dO6hhofOkCCycm+WRJFnlNI

Malware Config

Extracted

Family

cryptbot

C2

fokfgl36.top

mortbo03.top

Attributes

  • payload_url

    http://nybaer04.top/download.php?file=lv.exe

Targets


    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15