General

  • Target

    6920aa5adac327d0b77bcbcf2c105098

  • Size

    701KB

  • Sample

    240120-br74bahahp

  • MD5

    6920aa5adac327d0b77bcbcf2c105098

  • SHA1

    750a44564b2a4f5199c3be46183ea7ed12215f29

  • SHA256

    b937f9098ea56ff4120f21634aaf765cd11f62950cbcf1f4727cc673785a9560

  • SHA512

    1257bea8df52390bc0a158eabb1a931340fefc18161884d4901ccc2a836d818ffe766850e23311885fdae315a7245303a35eb0970868506bb245fc92c6bb2aad

  • SSDEEP

    12288:u6i7jDNvrm737MOxTAc2NT0c7C4S5JfsZmjb2c36kMtEcZua+rCR8/6Pdfr84elm:zYvkz7Fm07Cwb2cjMScZua+rCR8aIXov

Malware Config

Extracted

Family

cryptbot

C2

fokuti41.top

morwiv04.top

Attributes

  • payload_url

    http://nybyoi06.top/download.php?file=lv.exe

Targets

    • CryptBot

      A C++ information stealer, widely distributed bundled with other software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks