General

  • Target

    67f64deda3027f9fcdd4b5d9568d37ca

  • Size

    1.5MB

  • Sample

    240119-ssf5nahbd9

  • MD5

    67f64deda3027f9fcdd4b5d9568d37ca

  • SHA1

    a0282c1308618988507d893ff0cf4210f48b8434

  • SHA256

    4100053b3cc8236c5fefd63c3773e81c5daea40638bcafc588b2127d9a191670

  • SHA512

    1004cb0635793106001a6aae43f82c53f21e20a24ad19d0a7e7904cc86fd76dc39aad4b6d9397274f640bec196559cc781260e45f82e123297161d041d9aa3b8

  • SSDEEP

    49152:No/WVBIH536/5KXqU4lcv/BVHoj2RCtR3l:NoeVB4536/s6Ulvpt

Malware Config

Extracted

Family

cryptbot

C2

ewauhc58.top

morexn05.top

Attributes

  • payload_url

    http://winorm07.top/download.php?file=lv.exe

Targets

    • Target

      67f64deda3027f9fcdd4b5d9568d37ca

    • Size

      1.5MB

    • MD5

      67f64deda3027f9fcdd4b5d9568d37ca

    • SHA1

      a0282c1308618988507d893ff0cf4210f48b8434

    • SHA256

      4100053b3cc8236c5fefd63c3773e81c5daea40638bcafc588b2127d9a191670

    • SHA512

      1004cb0635793106001a6aae43f82c53f21e20a24ad19d0a7e7904cc86fd76dc39aad4b6d9397274f640bec196559cc781260e45f82e123297161d041d9aa3b8

    • SSDEEP

      49152:No/WVBIH536/5KXqU4lcv/BVHoj2RCtR3l:NoeVB4536/s6Ulvpt

    • CryptBot

      A C++ information stealer, widely distributed by being bundled with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Ecco.xlm

    • Size

      499B

    • MD5

      2aff5060ef4f5d995d554450516532bb

    • SHA1

      2fc0f1b6ead08bbca6241c95d72c85de0a2ca735

    • SHA256

      2f0a4a9283fb38f5f88376fa00844eb3141e1a0492ed42b38918df92c6f365e3

    • SHA512

      798d0d5f1bfbc18e094c80329b4ab873517165f986b1bacdaaf3558af72b54870be5e4055600127950eda52ae4dedba653f87354fc48ddc8c1c261cbd67b9f7a

    • Score

      1/10

    • Target

      Par.xlm

    • Size

      634KB

    • MD5

      033e57418a4d3ad237d0a86cf85795ac

    • SHA1

      a97dbdbca7ff72e989a5c12f6c27743a36e9fd8a

    • SHA256

      de3fae37d1e8ddd6c2888f4729bf63daaaed6946a9b1ea8d120bb911245b5c26

    • SHA512

      18f5ce141e830efa2ceed5c246e8019f3da2296e90c438548ff4786b3e6bee85a51b634f5a2cd24e4801f495f14ddd47dd3fa012787f198e6e02b49312be928a

    • SSDEEP

      12288:Hkd3+x7eH3/6287yuJShBoCW2AKt6SE6DuvRPGjhnTFjHl7xyMR+9PEf+ZAV:H43+c3/E7yuMhBoZ2AKtRivYnNJxLREa

    • Score

      1/10

    • Target

      Sommesso.xlm

    • Size

      697KB

    • MD5

      529d7087e5a2c24342f2f2f3d13526db

    • SHA1

      04c5c070272f851d1d1e1b9ba09ad43a8cd2db96

    • SHA256

      7d766f03577e7bc27034b4657858182a06e1c632fcf3c8ff8afea46937e1c9c9

    • SHA512

      e79c226c283da0e84a32e98972a18d95cbe90f41d80b8ae74162730ccc4424dfc694898721de9de955da2a986b95dc590388e1e5e2d9154df5155a39d5b8b99b

    • SSDEEP

      6144:hGiqEPh6WMYhb1SxMf8nHDz7nryCDsxJQXWPDvGKc9+K+C+8i+eB+8+XL5e6UCvB:s4UWH4i8njz7ryGQCXWPrGfPVe6fvcYl

    • Score

      1/10

    • Target

      Vento.xlm

    • Size

      872KB

    • MD5

      7086a5eb43121ec9982a724df35038c9

    • SHA1

      a41da4521467cca2caf8bf4f125f2e9937ca6524

    • SHA256

      cc48df3aabd0cb33748c57ace9c163c1b14dc19a287717afa6c333345081aa1b

    • SHA512

      63eb0ad9cfe1634ddf1bcfed2307508dbfeaa1c9540fd62315e27cd1e1efdf8a5112992e582a877e66ce57540f113a49026a9eab82477273f6a1d65f79b35a52

    • SSDEEP

      12288:hpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:hT3E53Myyzl0hMf1tr7Caw8M01

    • Score

      1/10

MITRE ATT&CK Enterprise v15
