Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-01-2024 19:12
Behavioral task
- behavioral1
  Sample: CrybtBot Sealer Unpacked.exe
  Resource: win7-20231129-en
General
- Target: CrybtBot Sealer Unpacked.exe
- Size: 280KB
- MD5: 681457fa460dff885eef657f166d5ef8
- SHA1: 44cac83393e0d6d083f0f2ae064090e2478f715b
- SHA256: 381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
- SHA512: 369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
- SSDEEP: 6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt
Malware Config
Signatures
- Reads data files stored by FTP clients (2 TTPs)
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes (description / ioc / process):
  - Key opened / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 / CrybtBot Sealer Unpacked.exe
  - Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString / CrybtBot Sealer Unpacked.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46KB
  MD5: 71e3e9a7dbe692599f42e69e2a339aa3
  SHA1: 119db87bca26e92ec2998b71741bc03f9f9b3208
  SHA256: 53bb3362c03d3f11833d39e87514e3042c47254a924b0a5026bb2ab593da460d
  SHA512: 51946eafd01dd9f7030e25a76ffe75d661e7fba4d0c13177de033e8e35b7b2437e2ed9b6d4c7d927c4a4b1c45f67330b5da442b44f8057bfe03d4981787c2b75
- Filesize: 7KB
  MD5: ffbaf590b3a978db27b64063bd483a13
  SHA1: 549d598bde842ffa8f01aab1a8b13dd06c80574e
  SHA256: 81355f8b39107c92b41564542c3c35b14080b763b6e68049ff7fd4f8c8d96245
  SHA512: bfcb4146799e9102ccd9790852795b3c962dc8297a8721dc5dcda526c5ac715fb7fa7f48e7f78ea997d897fed4f892a3d0f55bf920572222cb3aa37a45af3d69
- Filesize: 52KB
  MD5: c8eea9f39e76f8cfa4f4f27f0370933f
  SHA1: 4b0f7d29a21a193a392151b7c465c99ccdcd3cb4
  SHA256: 043d9ae28eb69940535a586562945dc076f6992dced7e40b0b4a4cae7b52896c
  SHA512: 9f47bd9c221e06d70bcdab5f1dbfd360aad4f97ab2b34a276c76beb6d1ecf68305ef4d1d3f1dfa73d8bd7768f3f1099753e597975aaf0588165124f4292e734e