General
-
Target
7f1768f8d49b2339e0fb39e6cb19ed22
-
Size
630KB
-
Sample
240129-gxhy9sdbhr
-
MD5
7f1768f8d49b2339e0fb39e6cb19ed22
-
SHA1
9730e09f3c4548536180283b89f9046237a4c258
-
SHA256
b57b2c143036ce5ee287e63f717278933a2d9b64a9c85999343f715d91f2f6e1
-
SHA512
0c129f7ddda2b7ff9acecf6b6ef785640f5ec58bc7e83d3739b6e1bed8312cb9f4c69fd2b3f8fba10594ab6e7c4ebc17b41c64c2744fb4077969094ba5ec8f67
-
SSDEEP
12288:I0ICiL0j9l7ZMibYBS2hlt9t5t7Qt6HPfJpEy3tO7jHTj4nri4sy7I6:IT0j9l7H0lt26oy3tiHTj4ri4syM6
Static task
static1
Behavioral task
behavioral1
Sample
7f1768f8d49b2339e0fb39e6cb19ed22.exe
Resource
win7-20231215-en
Malware Config
Extracted
cryptbot
knuxiq42.top
morumd04.top
-
payload_url
http://sarfri06.top/download.php?file=lv.exe
Targets
-
-
Target
7f1768f8d49b2339e0fb39e6cb19ed22
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-