General
- Target: 7d01724c79d4700a856904f0d23d5f61
- Size: 1.5MB
- Sample: 240128-nnfacabedq
- MD5: 7d01724c79d4700a856904f0d23d5f61
- SHA1: 9ba2d3d971e9c3d67123fd59982cd345fc9b91c6
- SHA256: dd59504ed58f376ab5066cffac84314a3a5fc20485eceb7bef7f4ff6825af087
- SHA512: 21293b61e166bd5085964c04684f03fffb6e1e8f7b806c3971dede0249cfe4058a6a24996662d06fc519d7b501c12ceb7809f898d951ed1b8dd6b64c2d6faf36
- SSDEEP: 24576:+OrhocsyM/9jjIiGs1lUxqLER4Q6sfDHyMDuaz+nBdC5rTowSkoYd2vIkIRjQM9s:PwyM/lp7Y4Q5SMDuazGBdCt7roglvfIc
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 7d01724c79d4700a856904f0d23d5f61.exe
  - Resource: win7-20231215-en
Behavioral task
- behavioral2
  - Sample: 7d01724c79d4700a856904f0d23d5f61.exe
  - Resource: win10v2004-20231215-en
Malware Config
Extracted
- cryptbot
- haiwpj11.top
- morhas01.top
- payload_url: http://zelcax01.top/download.php?file=lv.exe
Targets
- Target: 7d01724c79d4700a856904f0d23d5f61
- Size: 1.5MB
- MD5: 7d01724c79d4700a856904f0d23d5f61
- SHA1: 9ba2d3d971e9c3d67123fd59982cd345fc9b91c6
- SHA256: dd59504ed58f376ab5066cffac84314a3a5fc20485eceb7bef7f4ff6825af087
- SHA512: 21293b61e166bd5085964c04684f03fffb6e1e8f7b806c3971dede0249cfe4058a6a24996662d06fc519d7b501c12ceb7809f898d951ed1b8dd6b64c2d6faf36
- SSDEEP: 24576:+OrhocsyM/9jjIiGs1lUxqLER4Q6sfDHyMDuaz+nBdC5rTowSkoYd2vIkIRjQM9s:PwyM/lp7Y4Q5SMDuazGBdCt7roglvfIc
Score: 10/10
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.