General
Target: 8229bde4b9aad3a06e1f145bfab1a948
Size: 1.4MB
Sample: 240130-l6me9sdgf5
MD5: 8229bde4b9aad3a06e1f145bfab1a948
SHA1: 3581e78a29cdeeebf761bb2e7a55df3122cb41fb
SHA256: 1093249b64c37ecd0e683da5e5429ff3e739b9f44d16b0480d14ebbf19250ed3
SHA512: 9a976d129600cbffe49859b066e9ea0c9530d9870db8758cf39bfd213698adecd5058ba6d645b0a122a0e2a1141dfc0190299e045e79f66373b62a1a92c72180
SSDEEP: 24576:VxdfkFBz4W6DkgrbTAmKJdeXA+fY67ZpU17PWlk7qodNJsnA:NkDqtrbTAxiQWHZW17PEk7qgsn
Static task: static1
Behavioral task: behavioral1
  Sample: 8229bde4b9aad3a06e1f145bfab1a948.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 8229bde4b9aad3a06e1f145bfab1a948.exe
  Resource: win10v2004-20231222-en
Malware Config
Extracted family: cryptbot
C2 domains:
- knuhld48.top
- morumd04.top
payload_url: http://sarfri06.top/download.php?file=lv.exe
Targets
Target: 8229bde4b9aad3a06e1f145bfab1a948
Size: 1.4MB
MD5: 8229bde4b9aad3a06e1f145bfab1a948
SHA1: 3581e78a29cdeeebf761bb2e7a55df3122cb41fb
SHA256: 1093249b64c37ecd0e683da5e5429ff3e739b9f44d16b0480d14ebbf19250ed3
SHA512: 9a976d129600cbffe49859b066e9ea0c9530d9870db8758cf39bfd213698adecd5058ba6d645b0a122a0e2a1141dfc0190299e045e79f66373b62a1a92c72180
SSDEEP: 24576:VxdfkFBz4W6DkgrbTAmKJdeXA+fY67ZpU17PWlk7qodNJsnA:NkDqtrbTAxiQWHZW17PEk7qgsn
Score: 10/10
Signatures:
- CryptBot payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.