General
-
Target
6dc81b421428a561e64da3e3d54e3994
-
Size
556KB
-
Sample
240121-xmfzxsgchj
-
MD5
6dc81b421428a561e64da3e3d54e3994
-
SHA1
947bba29bb9728131d43fe92fcd7d90b5d5a7d73
-
SHA256
05da0612d29c4c2d08bd90ca30551c109bd6501aae8fe06807f0864e26848637
-
SHA512
cc21a4bd46f9d6b0d7411cfd14a2159dee021c731c8f7ba556e6a843eec1a48faab11404fdd55dfceb849032965f85ba6d5c764bd0583b8d60ec8215c6ee19b1
-
SSDEEP
12288:RwLODyMNNU42SAL9Dwvkgmz+a6qqKFNF3ID5wTOlWi:RBDyMNNn2SuevkgUCqYm2Wi
Static task
static1
Behavioral task
behavioral1
Sample
6dc81b421428a561e64da3e3d54e3994.exe
Resource
win7-20231215-en
Malware Config
Extracted
cryptbot
lysano52.top
morecj05.top
-
payload_url
http://damyeb07.top/download.php?file=lv.exe
Targets
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-