General

  • Target

    7f069db2ab6265eda9525a6fe3b1323e

  • Size

    1.6MB

  • Sample

    240129-gb4nvabbg9

  • MD5

    7f069db2ab6265eda9525a6fe3b1323e

  • SHA1

    6461232ed40b10ccee1d3fca4e5066d0ab9265a3

  • SHA256

    65eed3a6cf1f9ab1c10ddfb72db4134d22c0515fdfa4322e8f5d1b32c516d7fc

  • SHA512

    bd46802ee5a9f0a263c14116c60bc9c1f6d6784d9a4382b7eb8b62da0f7ac01b7b10af5c84d6d7165417c75ecd42d0fbfef217d682db363af13ff8932ebaa267

  • SSDEEP

    49152:/3WNisUPMS+spfLqHRthDFvHoamC41Y4vlPgV:/3aVS+sNqHRPZvHoamP++

Malware Config

Extracted

Family

cryptbot

C2

ewabpl55.top

morexn05.top

Attributes
  • payload_url

    http://winorm07.top/download.php?file=lv.exe
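
The domains and URL above are the indicators a defender would pivot on first. The script below is an added example, not part of the sandbox report: it matches the report's extracted C2 domains and payload URL against web-proxy log lines. The log lines and the Squid native access.log layout they follow are constructed for the demo; the indicators themselves are the ones listed above. It distinguishes the exact payload URL from other requests to the same host, and matches hostnames on label boundaries rather than by substring, so a look-alike such as ewabpl55.top.cdn.example.net does not fire.

```python
"""Hunt for this sample's extracted network indicators in web-proxy logs.

Added example, not part of the sandbox report. The C2 domains and payload
URL are the ones the report extracted; the log lines and the Squid native
access.log layout they follow are assumed/constructed for the demo.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators from the report's "Malware Config" section.
C2_DOMAINS = ("ewabpl55.top", "morexn05.top")
PAYLOAD_URL = "http://winorm07.top/download.php?file=lv.exe"
_PAYLOAD = urlsplit(PAYLOAD_URL)


def host_matches(host: str, domain: str) -> bool:
    """True when host is `domain` itself or a subdomain of it.

    A naive substring test ("ewabpl55.top" in host) would also fire on
    ewabpl55.top.cdn.example.net, whose registrable domain is example.net;
    anchoring on the label boundary avoids that false positive.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def classify_url(url: str) -> Optional[str]:
    """Return 'payload', 'payload_host', 'c2' or None for a requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return None
    if host_matches(host, _PAYLOAD.hostname):
        exact = parts.path == _PAYLOAD.path and parts.query == _PAYLOAD.query
        # Same host, different file is still worth a look: the download.php
        # endpoint may serve more than one payload.
        return "payload" if exact else "payload_host"
    if any(host_matches(host, d) for d in C2_DOMAINS):
        return "c2"
    return None


# Squid native access.log layout (assumed for the demo):
#   timestamp elapsed client code/status bytes method URL ident hier/peer type
_LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<code>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample lines: two C2 check-ins, the payload fetch, a benign
# request, a look-alike host that must NOT match, and a different file
# served from the payload host.
SAMPLE_LOG = """\
1706530001.123    210 10.0.0.5 TCP_MISS/200 1532 GET http://ewabpl55.top/gate.php - HIER_DIRECT/203.0.113.10 text/html
1706530002.456    340 10.0.0.5 TCP_MISS/200 412 POST http://morexn05.top/index.php - HIER_DIRECT/203.0.113.11 text/html
1706530003.789   1920 10.0.0.7 TCP_MISS/200 1572864 GET http://winorm07.top/download.php?file=lv.exe - HIER_DIRECT/203.0.113.12 application/octet-stream
1706530004.000     50 10.0.0.8 TCP_MISS/200 1000 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html
1706530005.000     60 10.0.0.9 TCP_MISS/200 900 GET http://ewabpl55.top.cdn.example.net/x - HIER_DIRECT/198.51.100.5 text/html
1706530006.000     70 10.0.0.10 TCP_MISS/200 500 GET http://winorm07.top/download.php?file=other.exe - HIER_DIRECT/203.0.113.12 application/octet-stream
"""


def hunt(log_text: str) -> list:
    """Return one dict per matching request: client, kind, method, url."""
    hits = []
    for line in log_text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the expected layout
        kind = classify_url(m["url"])
        if kind:
            hits.append({"client": m["client"], "kind": kind,
                         "method": m["method"], "url": m["url"]})
    return hits


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(f'{h["client"]:<10} {h["kind"]:<12} {h["method"]} {h["url"]}')
```

Run against the constructed lines, the script reports two C2 contacts from 10.0.0.5, the exact payload fetch from 10.0.0.7 and a second download from the payload host by 10.0.0.10; the look-alike host on the fifth line is correctly ignored. Swapping `_LINE_RE` for your proxy's format is the only change needed to run it on real logs.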

Targets

    • Target

      7f069db2ab6265eda9525a6fe3b1323e

    • Size

      1.6MB

    • MD5

      7f069db2ab6265eda9525a6fe3b1323e

    • SHA1

      6461232ed40b10ccee1d3fca4e5066d0ab9265a3

    • SHA256

      65eed3a6cf1f9ab1c10ddfb72db4134d22c0515fdfa4322e8f5d1b32c516d7fc

    • SHA512

      bd46802ee5a9f0a263c14116c60bc9c1f6d6784d9a4382b7eb8b62da0f7ac01b7b10af5c84d6d7165417c75ecd42d0fbfef217d682db363af13ff8932ebaa267

    • SSDEEP

      49152:/3WNisUPMS+spfLqHRthDFvHoamC41Y4vlPgV:/3aVS+sNqHRPZvHoamP++

    • CryptBot

      A C++ infostealer, widely distributed bundled with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
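
The behaviours listed above are individually common (plenty of legitimate installers write a Run key) but telling in combination on one process. The script below is an added example, not part of the sandbox report or the CryptBot tooling: it correlates three of the flagged behaviours per process over Sysmon-style events, using Event IDs 1 (process create), 7 (image load), 11 (file create) and 13 (registry value set). The events, paths and process GUIDs are constructed for the demo; the DLL names are the ones in the report, their drop directory is assumed. Registry reads (the Uninstall key enumeration) and browser profile file reads are not covered because Sysmon's event set does not record registry value reads, and file reads need object-access auditing rather than Sysmon.

```python
"""Correlate sandbox-flagged host behaviours (dropped EXE executed, dropped
DLL loaded, Run key added) per process over Sysmon-style events.

Added example, not part of the sandbox report. Event field names follow
Sysmon Event IDs 1, 7, 11 and 13; the events, paths and GUIDs below are
constructed for the demo. DLL names come from the report; paths are assumed.
"""
from collections import defaultdict
from typing import Dict, Iterable, List

# Lowercased fragments identifying the classic autostart locations.
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

SAMPLE_EVENTS = [
    # A user-launched installer; nothing in this log wrote it, so it is not "dropped".
    {"EventID": 1, "ProcessGuid": "{A}", "Image": r"C:\Users\alice\Downloads\setup.exe"},
    # It unpacks the payload EXE and the bundled DLLs into %TEMP% (assumed directory).
    {"EventID": 11, "ProcessGuid": "{A}", "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\7zS1\lv.exe"},
    {"EventID": 11, "ProcessGuid": "{A}", "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\7zS1\Che.dll"},
    {"EventID": 11, "ProcessGuid": "{A}", "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\7zS1\Veda.dll"},
    # The dropped EXE runs, loads a dropped DLL, and persists via HKCU Run.
    {"EventID": 1, "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "Image": r"C:\Users\alice\AppData\Local\Temp\7zS1\lv.exe"},
    {"EventID": 7, "ProcessGuid": "{B}", "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\7zS1\Che.dll"},
    {"EventID": 7, "ProcessGuid": "{B}", "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 13, "ProcessGuid": "{B}", "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\lv",
     "Details": r"C:\Users\alice\AppData\Local\Temp\7zS1\lv.exe"},
    # A legitimate updater that only sets a Run key: one behaviour, no alert.
    {"EventID": 13, "ProcessGuid": "{C}", "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
]


def correlate(events: Iterable[dict]) -> Dict[str, List[str]]:
    """Map ProcessGuid -> sorted list of behaviour tags seen for that process.

    "Dropped" means the path was written (EID 11) earlier in the same event
    stream, which is how the sandbox ties the EXE and DLLs back to the sample.
    """
    dropped = set()             # lowercase paths written by any process so far
    tags = defaultdict(set)
    for ev in events:
        eid = ev.get("EventID")
        guid = ev.get("ProcessGuid")
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev["Image"].lower() in dropped:
            tags[guid].add("executes_dropped_exe")
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            tags[guid].add("loads_dropped_dll")
        elif eid == 13 and ev.get("EventType") == "SetValue":
            if any(m in ev["TargetObject"].lower() for m in RUN_KEY_MARKERS):
                tags[guid].add("adds_run_key")
    return {g: sorted(t) for g, t in tags.items()}


def alerts(events: Iterable[dict], min_tags: int = 2) -> List[str]:
    """Processes showing at least `min_tags` behaviours.

    A lone Run key write is too common to page anyone about; the dropped-EXE
    plus dropped-DLL plus persistence chain is what makes this sample stand out.
    """
    return sorted(g for g, t in correlate(events).items() if len(t) >= min_tags)


if __name__ == "__main__":
    for guid, t in correlate(SAMPLE_EVENTS).items():
        print(guid, ", ".join(t))
    print("alert:", alerts(SAMPLE_EVENTS))
```

On the constructed events, process {B} (the dropped lv.exe) collects all three tags and is the only alert; the vendor updater {C} only writes a Run key and stays below the threshold. Feeding real Sysmon JSON (for example from winlogbeat) works as long as the field names above are preserved.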

    • Target

      Che.dll

    • Size

      872KB

    • MD5

      5ace440dbab4fae8a0d876e1f70f73f9

    • SHA1

      4ec2f4aa680bd1f997861d404da3f09f08d20797

    • SHA256

      7cd98547984f6055c5c791a880d3c4d25867ada1cffc7ed989865010da2583cf

    • SHA512

      1adf1482d093af6f9dd4ff95c2826197e62ed53617594c1662b264f3ce9e12ef639084944238f98a3b6f5dfc4d58c9b7fdb801cca61a31e34aba5c6d6f60cc62

    • SSDEEP

      12288:DpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:DT3E53Myyzl0hMf1tr7Caw8M01

    Score
    1/10
    • Target

      Facilita.dll

    • Size

      725KB

    • MD5

      01a29a79acfa7dcd26597642fa08940e

    • SHA1

      c017576b87b8c7839b4ba4f6d636fc92df621305

    • SHA256

      ae84d6614fecb4857fb0795d80268b43e2295f3f7abd11a3f8d27dd6cfe0062d

    • SHA512

      33ff1a704405da2ae267d3f5526b9591eefd8bd5e40c5ffa9e7bde2e806af2d4e81b20b4057582e2da7ff2b7fd90da9bfb8d972d966a4030b7525bea1197f8f5

    • SSDEEP

      12288:Z4Bd21aENQdJMbBXPqKRDKEc0Ctkqt6oS:GB0MoBPtfpJ

    Score
    1/10
    • Target

      Illusione.dll

    • Size

      503B

    • MD5

      f0230d2c7654b37568826e5d396172c1

    • SHA1

      09b274baffe4ef83e167a1a55d13d35865ad49f2

    • SHA256

      93015edd23da480cc14fc12700fddcaf3c5b1d7594a814101d0daaf10d34e0a8

    • SHA512

      f30f9dc3ad0bf674d69d8af78d7fd1083164a931ffda3f2aa6f654f9f94999b3f7bee79f80586c75ec71c052030c7b2c3e41a76eb27c216814e0d2339f0635ec

    Score
    1/10
    • Target

      Veda.dll

    • Size

      634KB

    • MD5

      77eb0c56a5dd92ca6771d4bbb5ab8946

    • SHA1

      dd58133e2b386e3cfbd4c8797eac25af47af4f3b

    • SHA256

      30c7b9b28c948d091074855b32bb957023de6261d889247207b3262b4798ee9c

    • SHA512

      190d7e6215a799bbf07abd91053eff483b9a3ba7a62c812346740d1d9644f11d222cb517e7cd041ea0d9f49dfa535e392e21b4f8ecbc5361d15bb4e0dcc2e47a

    • SSDEEP

      12288:+oXF6IqF6uc6xc4k8iUAUdo9+6civIb9F874YR7WfpUKWwW1wV2T6lWqHV7:HF6L0uvxcyiFrE6cUG8UY50WR16lPHV7

    Score
    1/10

MITRE ATT&CK Enterprise v15