Analysis
- max time kernel: 148s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-01-2024 19:12
Behavioral task: behavioral1
Sample: CrybtBot Sealer Unpacked.bin.exe
Resource: win7-20231129-en
General
- Target: CrybtBot Sealer Unpacked.bin.exe
- Size: 280KB
- MD5: 681457fa460dff885eef657f166d5ef8
- SHA1: 44cac83393e0d6d083f0f2ae064090e2478f715b
- SHA256: 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
- SHA512: 369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
- SSDEEP: 6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt
Malware Config
Signatures
- Reads data files stored by FTP clients (2 TTPs)
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | CrybtBot Sealer Unpacked.bin.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | CrybtBot Sealer Unpacked.bin.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads