General

  • Target

    7d01724c79d4700a856904f0d23d5f61

  • Size

    1.5MB

  • Sample

    240128-nnfacabedq

  • MD5

    7d01724c79d4700a856904f0d23d5f61

  • SHA1

    9ba2d3d971e9c3d67123fd59982cd345fc9b91c6

  • SHA256

    dd59504ed58f376ab5066cffac84314a3a5fc20485eceb7bef7f4ff6825af087

  • SHA512

    21293b61e166bd5085964c04684f03fffb6e1e8f7b806c3971dede0249cfe4058a6a24996662d06fc519d7b501c12ceb7809f898d951ed1b8dd6b64c2d6faf36

  • SSDEEP

    24576:+OrhocsyM/9jjIiGs1lUxqLER4Q6sfDHyMDuaz+nBdC5rTowSkoYd2vIkIRjQM9s:PwyM/lp7Y4Q5SMDuazGBdCt7roglvfIc

Malware Config

Extracted

Family

cryptbot

C2

haiwpj11.top

morhas01.top

Attributes
  • payload_url

    http://zelcax01.top/download.php?file=lv.exe

Targets

    • Target

      7d01724c79d4700a856904f0d23d5f61

    • Size

      1.5MB

    • MD5

      7d01724c79d4700a856904f0d23d5f61

    • SHA1

      9ba2d3d971e9c3d67123fd59982cd345fc9b91c6

    • SHA256

      dd59504ed58f376ab5066cffac84314a3a5fc20485eceb7bef7f4ff6825af087

    • SHA512

      21293b61e166bd5085964c04684f03fffb6e1e8f7b806c3971dede0249cfe4058a6a24996662d06fc519d7b501c12ceb7809f898d951ed1b8dd6b64c2d6faf36

    • SSDEEP

      24576:+OrhocsyM/9jjIiGs1lUxqLER4Q6sfDHyMDuaz+nBdC5rTowSkoYd2vIkIRjQM9s:PwyM/lp7Y4Q5SMDuazGBdCt7roglvfIc

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks