General

  • Target

    8434835aa84653edea3d33e1b5b31b98

  • Size

    1.5MB

  • Sample

    240131-mtbcxaadd5

  • MD5

    8434835aa84653edea3d33e1b5b31b98

  • SHA1

    4b172c6d0e1de7723c3f1f0657a485e0e498f289

  • SHA256

    b3c673f83a5acafdea6d995ee24e6a180f5123cccf8d4d30f6e3b51cadbabd95

  • SHA512

    a10a54ef6d95a89cbc6008216f7f80da554b90ac8de839f19ac367b293a0fca0c0aa10b4fe8851387f34a4cc605f4039e82dc0676ab33f44bf4567e863a7b5d8

  • SSDEEP

    24576:VEHC0rfWIHRL9KPqs4+2Bjo6Ln30ovGO4P5rIxtiwF+cVrO8CDXlQi:L0jJHqPqsnUU6L30qGOgrIiwFq1Q

Malware Config

Extracted

Family

cryptbot

C2

ewaqfe45.top

morjau04.top

Attributes

  • payload_url

    http://winhaf05.top/download.php?file=lv.exe

Targets

    • Target

      8434835aa84653edea3d33e1b5b31b98

    • Size

      1.5MB

    • MD5

      8434835aa84653edea3d33e1b5b31b98

    • SHA1

      4b172c6d0e1de7723c3f1f0657a485e0e498f289

    • SHA256

      b3c673f83a5acafdea6d995ee24e6a180f5123cccf8d4d30f6e3b51cadbabd95

    • SHA512

      a10a54ef6d95a89cbc6008216f7f80da554b90ac8de839f19ac367b293a0fca0c0aa10b4fe8851387f34a4cc605f4039e82dc0676ab33f44bf4567e863a7b5d8

    • SSDEEP

      24576:VEHC0rfWIHRL9KPqs4+2Bjo6Ln30ovGO4P5rIxtiwF+cVrO8CDXlQi:L0jJHqPqsnUU6L30qGOgrIiwFq1Q

    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Avidamente.ppt

    • Size

      634KB

    • MD5

      efe5b0ff3cb167100450c2faf42f1f2d

    • SHA1

      7a95bdd97b025c7f934edcf4312589b6c212b09b

    • SHA256

      a8be42294884fb494bd3d44603371255a520b55ee30d34e21ace1ccca72ff3d0

    • SHA512

      05720ab0b8ed75254e0e6d2d2221e075455e334d5165ecb64ff5ded2466e4f719b087010ab1a55c0906bacde6ce43baa170b2c779b6cf38ae48b93d8d76a7497

    • SSDEEP

      12288:romeoyJJT4ZqTrfw+gsclHJqSw5JSUdRtMpQQJaVqbOYHRtZFhMdlF1n:roeyP4ITrI4tSwZGwVAO6dDUlFt

    Score
    1/10
    • Target

      Lui.ppt

    • Size

      720KB

    • MD5

      64310fce58e4078f3b5b5c1ba9369913

    • SHA1

      f75ed0acd4b758c5050b930f80088d4f18761338

    • SHA256

      b04112121c607ad479f40eabe9282aab7f9dcf3d4673b1847a0123d3fa715cb2

    • SHA512

      b0861feb2136c82ed83aa9a2f22f50d576a912565f934ef4c90d9138c7023e7f251ee24d39a9acf787adab8df39cfd91a0bd71e2dc31609852cf5eb34330abac

    • SSDEEP

      12288:7YA+tUh1tQIfmejLZ0AZ8KESU7730XAE72FuBvM3j:PvLmcl0oAG2FSvwj

    Score
    1/10
    • Target

      Ora.ppt

    • Size

      872KB

    • MD5

      ca71fed93b16d5375c0bd068692e2872

    • SHA1

      7d8e2a63e008865e85de92a21aa9c9c9511f01c2

    • SHA256

      907abc210326d5ec912d4cb3959d03c5b4232a2d5ccb2822edced5ceb8b15125

    • SHA512

      773d3c0294745e9e8dc0fe9b7c4f137a96eb1d3e2a4b5afa367a8fd68c75bcb3cd278940f5e5f4e28cdbf51de2487349b18fb096b1a13fa9732e024c8f75721e

    • SSDEEP

      12288:zpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:zT3E53Myyzl0hMf1tr7Caw8M01

    Score
    1/10
    • Target

      Pei.ppt

    • Size

      425B

    • MD5

      785225bc18fe9f16d8a675ab73e5e5a9

    • SHA1

      fdb2a2c005d479941069946e3227778fb310de99

    • SHA256

      fae8f12d0ae7dd390313c53cb2832dad08ba04e95a95f176926fd74c4fa087e7

    • SHA512

      40d8f0897d2473a4ab3ba3de4d0025525f0d00ab7af94698816bf47b3cf5a7ed5656f9106f209805bc65f6e4f9cc4a85bf72cd244b059b79818d36961064e493

    Score
    1/10
