General
Target: 7cf67345467fa5cdcb4b3481a6b10c9c
Size: 747KB
Sample: 240128-m9gjvsbbel
MD5: 7cf67345467fa5cdcb4b3481a6b10c9c
SHA1: 40e6d372b6df86813ef68d679b7989b8ae0cc01d
SHA256: ac526f47c344aabba89de0e7398ecf6a9b24174a8de8ca9043e50b45e1722bf3
SHA512: 91ebaeba04c6cfd693ad94831bfb0295dfdc30ff1614fb62b18c851654184c84806b1bfafb2921bbda7dd6d1ce6e286a982e6af1c61be5f850ce30054589320d
SSDEEP: 12288:7YbcmdUNJQd0CRa758ZJ60dBrF/Ui+ZYejO/qVDPJ5qKmI68WgbMBC4f2nDJB:7NKd0CRC5ktZUi2giDPqZ0W8c+nDJB
Static task: static1
Behavioral task: behavioral1
Sample: 7cf67345467fa5cdcb4b3481a6b10c9c.exe
Resource: win7-20231215-en
Malware Config
Extracted
cryptbot
ewapyc22.top
morzup02.top
-
payload_url: http://winqoz02.top/download.php?file=lv.exe
Targets
-
-
Target
7cf67345467fa5cdcb4b3481a6b10c9c
-
CryptBot payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-