General

  • Target

    6dc81b421428a561e64da3e3d54e3994

  • Size

    556KB

  • Sample

    240121-xmfzxsgchj

  • MD5

    6dc81b421428a561e64da3e3d54e3994

  • SHA1

    947bba29bb9728131d43fe92fcd7d90b5d5a7d73

  • SHA256

    05da0612d29c4c2d08bd90ca30551c109bd6501aae8fe06807f0864e26848637

  • SHA512

    cc21a4bd46f9d6b0d7411cfd14a2159dee021c731c8f7ba556e6a843eec1a48faab11404fdd55dfceb849032965f85ba6d5c764bd0583b8d60ec8215c6ee19b1

  • SSDEEP

    12288:RwLODyMNNU42SAL9Dwvkgmz+a6qqKFNF3ID5wTOlWi:RBDyMNNn2SuevkgUCqYm2Wi

Malware Config

Extracted

Family

cryptbot

C2

lysano52.top

morecj05.top

Attributes

  • payload_url

    http://damyeb07.top/download.php?file=lv.exe

Targets

    • CryptBot

      A C++ stealer, widely distributed by being bundled with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks