General

  • Target

    8229bde4b9aad3a06e1f145bfab1a948

  • Size

    1.4MB

  • Sample

    240130-l6me9sdgf5

  • MD5

    8229bde4b9aad3a06e1f145bfab1a948

  • SHA1

    3581e78a29cdeeebf761bb2e7a55df3122cb41fb

  • SHA256

    1093249b64c37ecd0e683da5e5429ff3e739b9f44d16b0480d14ebbf19250ed3

  • SHA512

    9a976d129600cbffe49859b066e9ea0c9530d9870db8758cf39bfd213698adecd5058ba6d645b0a122a0e2a1141dfc0190299e045e79f66373b62a1a92c72180

  • SSDEEP

    24576:VxdfkFBz4W6DkgrbTAmKJdeXA+fY67ZpU17PWlk7qodNJsnA:NkDqtrbTAxiQWHZW17PEk7qgsn

Malware Config

Extracted

Family

cryptbot

C2

knuhld48.top

morumd04.top

Attributes
  • payload_url

    http://sarfri06.top/download.php?file=lv.exe

Targets

    • Target

      8229bde4b9aad3a06e1f145bfab1a948

    • CryptBot

      A C++ stealer that is widely distributed bundled with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks