General

  • Target

    7cf67345467fa5cdcb4b3481a6b10c9c

  • Size

    747KB

  • Sample

    240128-m9gjvsbbel

  • MD5

    7cf67345467fa5cdcb4b3481a6b10c9c

  • SHA1

    40e6d372b6df86813ef68d679b7989b8ae0cc01d

  • SHA256

    ac526f47c344aabba89de0e7398ecf6a9b24174a8de8ca9043e50b45e1722bf3

  • SHA512

    91ebaeba04c6cfd693ad94831bfb0295dfdc30ff1614fb62b18c851654184c84806b1bfafb2921bbda7dd6d1ce6e286a982e6af1c61be5f850ce30054589320d

  • SSDEEP

    12288:7YbcmdUNJQd0CRa758ZJ60dBrF/Ui+ZYejO/qVDPJ5qKmI68WgbMBC4f2nDJB:7NKd0CRC5ktZUi2giDPqZ0W8c+nDJB

Malware Config

Extracted

Family

cryptbot

C2

ewapyc22.top

morzup02.top

Attributes

  • payload_url

    http://winqoz02.top/download.php?file=lv.exe

Targets

    • Target

      7cf67345467fa5cdcb4b3481a6b10c9c

    • CryptBot

      A C++ stealer that is widely distributed bundled with other software.

    • CryptBot payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks