General
-
Target
78f92ab7f036ac56b81b11c26bde3f04
-
Size
663KB
-
Sample
240127-cantsaagf9
-
MD5
78f92ab7f036ac56b81b11c26bde3f04
-
SHA1
487731245cf2d514d8500d41820ed05badccf9ab
-
SHA256
63634e6216314ba19543cd53527712010c3a1b9538b52081478072f2ef1fbbe8
-
SHA512
d343ea01d91a644fb032902af92c011803e6374ed0bcba76c8a06ac04079efead0fd46f09f75905fe2a56ce92eeca8837ff9399af0816ba1306c2b16d52e9ea9
-
SSDEEP
12288:ot9YDdx9JdlBCxLWa94q20dnp1yNh+LSVU1LkpgU502yuwnHXnlawOYYyMbX5VQq:ooXlBCxi+n8wLk+UauCXnEwYJjcXYx
Static task
static1
Behavioral task
behavioral1
Sample
78f92ab7f036ac56b81b11c26bde3f04.exe
Resource
win7-20231215-en
Malware Config
Extracted
cryptbot
ewafxq25.top
morzup02.top
-
payload_url
http://winqoz02.top/download.php?file=lv.exe
Targets
-
Target
78f92ab7f036ac56b81b11c26bde3f04
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-