General

  • Target

    CrybtBot Sealer Unpacked.bin.exe

  • Size

    280KB

  • Sample

    240121-xwgykshbc4

  • MD5

    681457fa460dff885eef657f166d5ef8

  • SHA1

    44cac83393e0d6d083f0f2ae064090e2478f715b

  • SHA256

    381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f

  • SHA512

    369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180

  • SSDEEP

    6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt

Malware Config

Extracted

  • Family

    cryptbot

  • C2

    unic16m.top

    unic16e.top

Targets

    • Target

      CrybtBot Sealer Unpacked.bin.exe

    • Size

      280KB

    • MD5

      681457fa460dff885eef657f166d5ef8

    • SHA1

      44cac83393e0d6d083f0f2ae064090e2478f715b

    • SHA256

      381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f

    • SHA512

      369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180

    • SSDEEP

      6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
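As an added example, not part of this sandbox report or of the CryptBot sample itself: a small Python triage script that turns the behaviours listed above into host-telemetry detections. The event line format (`FILE|REG|DNS pid=… target=…`) and the sample log are constructed for this example; only the two C2 domains come from the extracted config above. The FileZilla, browser, and wallet file paths are well-known storage locations that the report does not spell out, so treat them as an assumed starting rule set to extend with your own EDR's paths.

```python
"""Constructed example: flag CryptBot-style stealer behaviour in host telemetry.

Event lines are a synthetic, simplified format (invented for this example):
    FILE pid=<n> target=<path accessed>
    REG  pid=<n> target=<registry key opened>
    DNS  pid=<n> target=<hostname queried>
"""
import re
from collections import defaultdict

# C2 domains from the extracted config in the report above.
C2_DOMAINS = {"unic16m.top", "unic16e.top"}

# Assumed locations for the report's behaviour signatures (well-known paths,
# not taken from the report itself). Extend to match your environment.
SIGNATURES = {
    "ftp_client_data": re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
    "browser_profile_data": re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I),
    "crypto_wallet": re.compile(r"\\(Electrum|Exodus|Bitcoin|Ethereum|Monero)\\", re.I),
    "installed_software_enum": re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
}

LINE_RE = re.compile(r"^(?P<kind>FILE|REG|DNS)\s+pid=(?P<pid>\d+)\s+target=(?P<target>.+)$")


def parse_line(line):
    """Return (kind, pid, target) for a well-formed event line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["kind"], int(m["pid"]), m["target"]


def match_event(kind, target):
    """Return the set of signature names a single event triggers."""
    hits = set()
    if kind == "DNS":
        host = target.lower().rstrip(".")
        # Match the C2 domain itself or any subdomain of it.
        if host in C2_DOMAINS or any(host.endswith("." + d) for d in C2_DOMAINS):
            hits.add("c2_domain")
    elif kind in ("FILE", "REG"):
        for name, rx in SIGNATURES.items():
            if rx.search(target):
                hits.add(name)
    return hits


def triage(lines):
    """Aggregate signature hits per process id across a log."""
    per_pid = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than failing the run
        kind, pid, target = parsed
        per_pid[pid] |= match_event(kind, target)
    return dict(per_pid)


def verdict(hits):
    """Rank a process by how many independent stealer behaviours it showed."""
    harvesting = {"ftp_client_data", "browser_profile_data", "crypto_wallet"}
    if "c2_domain" in hits and hits & harvesting:
        return "cryptbot-like: credential harvesting plus known C2 contact"
    if len(hits & harvesting) >= 2:
        return "stealer-like: multiple credential stores read"
    if hits:
        return "suspicious"
    return "benign"


# Constructed sample telemetry: pid 4120 mimics the report's behaviours,
# pid 5512 is ordinary user activity.
SAMPLE_LOG = r"""
FILE pid=4120 target=C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml
FILE pid=4120 target=C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data
FILE pid=4120 target=C:\Users\bob\AppData\Roaming\Electrum\wallets\default_wallet
REG  pid=4120 target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
DNS  pid=4120 target=unic16m.top
FILE pid=5512 target=C:\Users\bob\Documents\report.docx
REG  pid=5512 target=HKCU\Software\Microsoft\Office\16.0\Word
DNS  pid=5512 target=www.example.com
""".strip().splitlines()


if __name__ == "__main__":
    for pid, hits in sorted(triage(SAMPLE_LOG).items()):
        print(f"pid {pid}: {verdict(hits)} {sorted(hits)}")
```

The verdict deliberately requires more than one behaviour before calling anything "stealer-like": a single read of a browser profile or one Uninstall-key lookup is routine for updaters and inventory agents, so the value of the report's signatures lies in their co-occurrence in one process, especially alongside a DNS query for a listed C2 domain.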

MITRE ATT&CK Enterprise v15

Tasks