General

  • Target

    6c0f27024f875a94386862cfb5f0d2c8

  • Size

    773KB

  • Sample

    240121-cdx7macdhm

  • MD5

    6c0f27024f875a94386862cfb5f0d2c8

  • SHA1

    d104d6a3977eb2eff0a2ffdf6d6214fbfb25ce6e

  • SHA256

    f2dae5d58761bc67d2fac18381a2ee7e61d5eea79c32c718a7b97ec183a2489a

  • SHA512

    1f3aa6a4fa0b1ddfd009c5fcf901d51f16f9bd220ccfeb84cf9f457d3d54f5377e8e627578b5499b0726679771648bc7a56f4bff0c49a9e8d2391680ae2cdde4

  • SSDEEP

    24576:FZxGgT1VmLaPXuQCyqph+y48dlT000Hp:8gTmbZhW8bTh0

Malware Config

Extracted

Family

cryptbot

C2

ewaosm65.top

moruat06.top

Attributes
  • payload_url

    http://winazr08.top/download.php?file=lv.exe
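The extracted configuration above gives three network indicators: two C2 domains and the host of the payload URL. Below is an added example, not part of the sandbox report or the CryptBot sample, of turning those indicators into a detection pass over DNS/proxy log lines. The log lines are constructed for the example; the matching treats subdomains of an indicator as hits but not look-alike names that merely end with the same characters, and it keeps the payload host separate from the C2 domains because a hit on it points at the download stage rather than beaconing.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from the extracted configuration on this page.
C2_DOMAINS = {"ewaosm65.top", "moruat06.top"}
PAYLOAD_URL = "http://winazr08.top/download.php?file=lv.exe"


def ioc_domains():
    """All hostname indicators, lower-cased: the C2 domains plus the payload host."""
    payload_host = urlsplit(PAYLOAD_URL).hostname
    return {d.lower() for d in C2_DOMAINS} | {payload_host.lower()}


# Constructed sample log lines (not from the sandbox run): a mix of DNS queries
# and proxy requests in a simple "timestamp source client ..." layout.
SAMPLE_LOG = """\
2024-01-21T12:00:01Z dns 10.0.0.5 query=ewaosm65.top type=A
2024-01-21T12:00:02Z dns 10.0.0.5 query=cdn.example.com type=A
2024-01-21T12:00:03Z http 10.0.0.5 GET http://winazr08.top/download.php?file=lv.exe ua=Mozilla/5.0
2024-01-21T12:00:04Z dns 10.0.0.7 query=api.MORUAT06.top type=A
2024-01-21T12:00:05Z http 10.0.0.9 GET https://www.example.org/ ua=Mozilla/5.0
2024-01-21T12:00:06Z dns 10.0.0.9 query=notmoruat06.top type=A
"""

# Pulls the queried name from a DNS line or the host from a URL in a proxy line.
HOST_RE = re.compile(r"(?:query=|https?://)([A-Za-z0-9.-]+)")


def host_matches(host, iocs):
    """True if host is an indicator or a subdomain of one (never a mere suffix match)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)


@dataclass
class Hit:
    line_no: int
    client: str
    host: str
    kind: str  # "c2" or "payload_download"


def scan_log(text, iocs=None):
    """Return one Hit per log line whose hostname matches an indicator."""
    iocs = iocs or ioc_domains()
    payload_host = urlsplit(PAYLOAD_URL).hostname.lower()
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = HOST_RE.search(line)
        if not m:
            continue
        host = m.group(1)
        if not host_matches(host, iocs):
            continue
        client = line.split()[2]
        kind = "payload_download" if host.lower() == payload_host else "c2"
        hits.append(Hit(n, client, host, kind))
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} -> {h.host} [{h.kind}]")
```

In the sample, lines 1 and 4 flag as C2 contact (the second through a subdomain and despite the mixed case), line 3 flags as the payload download, and `notmoruat06.top` on line 6 is correctly ignored.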

Targets

    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • CryptBot payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers target stored browser profile data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries in the registry.
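The four behavioural signatures above (country-code lookup, browser profile reads, wallet file access, Uninstall key enumeration) are individually weak, since browsers read their own profiles and installers walk the Uninstall key, but one process hitting several of them is a strong stealer signal. The following is an added example, not part of the report or of the sandbox's own rules, of scoring Sysmon-style registry and file events that way. The concrete registry values and file paths in the rules (`HKCU\Control Panel\International\sCountry`, Chrome's `Login Data`, Electrum's wallet directory) are assumed illustrative instances of the classes the signatures name; the page does not say which keys or files this sample touched, and the events are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style events (not from the sandbox run). "target" is the
# registry path or file path the process touched.
SAMPLE_EVENTS = [
    {"pid": 4412, "image": r"C:\Users\u\AppData\Local\Temp\lv.exe", "type": "RegistryEvent",
     "target": r"HKCU\Control Panel\International\sCountry"},
    {"pid": 4412, "image": r"C:\Users\u\AppData\Local\Temp\lv.exe", "type": "RegistryEvent",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4412, "image": r"C:\Users\u\AppData\Local\Temp\lv.exe", "type": "FileAccess",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4412, "image": r"C:\Users\u\AppData\Local\Temp\lv.exe", "type": "FileAccess",
     "target": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 1200, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "type": "FileAccess",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 3000, "image": r"C:\Windows\explorer.exe", "type": "RegistryEvent",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
]

# One rule per signature on the page. Paths are assumed examples of each class.
RULES = {
    "geofence_lookup": re.compile(
        r"\\Control Panel\\International\\(sCountry|LocaleName|iCountry)$", re.I),
    "installed_software_enum": re.compile(
        r"\\CurrentVersion\\Uninstall\\", re.I),
    "browser_profile_read": re.compile(
        r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*\\(Login Data|Web Data|Cookies|logins\.json)$", re.I),
    "wallet_access": re.compile(
        r"\\(Electrum|Exodus|Ethereum|Bitcoin|Monero)\\", re.I),
}

# A browser reading its own profile is expected; suppress that pairing only.
SELF_ACCESS = {
    "browser_profile_read": re.compile(r"\\(chrome|msedge|firefox)\.exe$", re.I),
}


def classify(events):
    """Map pid -> {"image", "categories"} for every process that trips at least one rule."""
    per_proc = defaultdict(lambda: {"image": None, "categories": set()})
    for ev in events:
        for name, rx in RULES.items():
            if not rx.search(ev["target"]):
                continue
            allow = SELF_ACCESS.get(name)
            if allow and allow.search(ev["image"]):
                continue
            entry = per_proc[ev["pid"]]
            entry["image"] = ev["image"]
            entry["categories"].add(name)
    return dict(per_proc)


def stealer_candidates(events, min_categories=2):
    """Processes that trip at least min_categories distinct stealer behaviours."""
    return {pid: e for pid, e in classify(events).items()
            if len(e["categories"]) >= min_categories}


if __name__ == "__main__":
    for pid, e in stealer_candidates(SAMPLE_EVENTS).items():
        print(pid, e["image"], sorted(e["categories"]))
```

On the sample, only pid 4412 (`lv.exe`, the filename from the payload URL) crosses the threshold; chrome.exe is suppressed by the self-access allowlist and explorer.exe trips a single rule, which is not enough on its own.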

MITRE ATT&CK Enterprise v15

Tasks