General
Target: 6c0f27024f875a94386862cfb5f0d2c8
Size: 773KB
Sample: 240121-cdx7macdhm
MD5: 6c0f27024f875a94386862cfb5f0d2c8
SHA1: d104d6a3977eb2eff0a2ffdf6d6214fbfb25ce6e
SHA256: f2dae5d58761bc67d2fac18381a2ee7e61d5eea79c32c718a7b97ec183a2489a
SHA512: 1f3aa6a4fa0b1ddfd009c5fcf901d51f16f9bd220ccfeb84cf9f457d3d54f5377e8e627578b5499b0726679771648bc7a56f4bff0c49a9e8d2391680ae2cdde4
SSDEEP: 24576:FZxGgT1VmLaPXuQCyqph+y48dlT000Hp:8gTmbZhW8bTh0
Static task: static1
Behavioral task: behavioral1
Sample: 6c0f27024f875a94386862cfb5f0d2c8.exe
Resource: win7-20231215-en
Malware Config
Extracted
cryptbot
ewaosm65.top
moruat06.top
-
payload_url
http://winazr08.top/download.php?file=lv.exe
Targets
-
-
Target
6c0f27024f875a94386862cfb5f0d2c8
-
CryptBot payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-