General

  • Target

    849ff89531036596a39c31e5b023ac52

  • Size

    619KB

  • Sample

    240131-rh4mjafgap

  • MD5

    849ff89531036596a39c31e5b023ac52

  • SHA1

    e408e841600dc4d2d925cbca6c022a5babe46211

  • SHA256

    48dcbd723235d40fc1e4162e8808b4ca5eaa2b3fcd1d8daf8fc9b5bce31cf0ca

  • SHA512

    f1c852c85f1e001d1aa2d4fabbd8891c4d886c2242bfc0f6d16cbaafbcb2a06fac90b0b86b31068f3b7c1ea2870b46343ba8be1e2f4d04a65f3c8e22088c8b57

  • SSDEEP

    12288:6k/hUzVnAebJfZIrcPFql59iqp+6TH46YV+CNgiRB5XpiEkPr62I:WzWeQqiiqpdTYnA2xjkPr62I

Malware Config

Extracted

Family

cryptbot

C2

knuplj61.top

morwye06.top

Attributes
  • payload_url

    http://sarjeb09.top/download.php?file=lv.exe

Targets

    • Target

      849ff89531036596a39c31e5b023ac52

    • Size

      619KB

    • MD5

      849ff89531036596a39c31e5b023ac52

    • SHA1

      e408e841600dc4d2d925cbca6c022a5babe46211

    • SHA256

      48dcbd723235d40fc1e4162e8808b4ca5eaa2b3fcd1d8daf8fc9b5bce31cf0ca

    • SHA512

      f1c852c85f1e001d1aa2d4fabbd8891c4d886c2242bfc0f6d16cbaafbcb2a06fac90b0b86b31068f3b7c1ea2870b46343ba8be1e2f4d04a65f3c8e22088c8b57

    • SSDEEP

      12288:6k/hUzVnAebJfZIrcPFql59iqp+6TH46YV+CNgiRB5XpiEkPr62I:WzWeQqiiqpdTYnA2xjkPr62I

    • CryptBot

      A C++ stealer distributed widely in bundle with other software.

    • CryptBot payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks