General

  • Target

    78f92ab7f036ac56b81b11c26bde3f04

  • Size

    663KB

  • Sample

    240127-cantsaagf9

  • MD5

    78f92ab7f036ac56b81b11c26bde3f04

  • SHA1

    487731245cf2d514d8500d41820ed05badccf9ab

  • SHA256

    63634e6216314ba19543cd53527712010c3a1b9538b52081478072f2ef1fbbe8

  • SHA512

    d343ea01d91a644fb032902af92c011803e6374ed0bcba76c8a06ac04079efead0fd46f09f75905fe2a56ce92eeca8837ff9399af0816ba1306c2b16d52e9ea9

  • SSDEEP

    12288:ot9YDdx9JdlBCxLWa94q20dnp1yNh+LSVU1LkpgU502yuwnHXnlawOYYyMbX5VQq:ooXlBCxi+n8wLk+UauCXnEwYJjcXYx

Malware Config

Extracted

Family

cryptbot

C2

ewafxq25.top

morzup02.top

Attributes

  • payload_url

    http://winqoz02.top/download.php?file=lv.exe

Targets

    • Target

      78f92ab7f036ac56b81b11c26bde3f04

    • CryptBot

      A C++ information stealer that is widely distributed bundled with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers commonly target data stored by web browsers, which can include saved credentials and other sensitive profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks