General

  • Target

    864ca0cdb8af3aa5965ab638cfd1ea2f

  • Size

    1.5MB

  • Sample

    240201-jb653sedc6

  • MD5

    864ca0cdb8af3aa5965ab638cfd1ea2f

  • SHA1

    e4484f4603ee16c9d9aeddb72e7408e23658f963

  • SHA256

    361ed2dd95d2d7fe2e877e383613e76a025007717a7b1527fe5a45f941ae2789

  • SHA512

    50ba3bccf3f459a89b2e4df4090f8cff8ee618404178b5eda534dbbae39850a44fdf1d326e1ebe90f8c56138aaacf0426cc2efe88ae690cbafcf4eb0f5da72d4

  • SSDEEP

    24576:VKX70zuHNxDSk67v0+rrKo6bwjBwaT+fWt7Wj8icV97mw6JhnGKJpZ:IYat+s+rrKo6bwjBZP5iQ7mw8p

Malware Config

Extracted

Family

cryptbot

C2

haizul15.top

morhas01.top

Attributes
  • payload_url

    http://zelcax01.top/download.php?file=lv.exe
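
The extracted configuration above gives a responder three network indicators (two C2 domains and the payload URL) plus the file hashes from the General section. The script below is an added example and is not part of the sandbox report: it sweeps constructed DNS and proxy log lines and an in-memory file set against those indicators. The log line layouts, client addresses and file contents are assumed for the demo; only the domains, URL and SHA-256 come from the report.

```python
"""IOC sweep for the CryptBot configuration extracted above: the two C2
domains, the payload URL and the sample's SHA-256, matched against
constructed DNS/proxy log lines and an in-memory set of files.
Added example, not part of the sandbox report; log format, clients and
file contents are assumed/constructed."""
import hashlib
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators copied from the report (Malware Config and General sections).
C2_DOMAINS = {"haizul15.top", "morhas01.top"}
PAYLOAD_URL = "http://zelcax01.top/download.php?file=lv.exe"
PAYLOAD_HOST = urlsplit(PAYLOAD_URL).hostname          # "zelcax01.top"
WATCH_DOMAINS = C2_DOMAINS | {PAYLOAD_HOST}
SHA256_IOCS = {
    "361ed2dd95d2d7fe2e877e383613e76a025007717a7b1527fe5a45f941ae2789",
}


def domain_matches(host: str) -> Optional[str]:
    """Return the watched domain that host equals or is a subdomain of.
    Matches on a label boundary, so 'nothaizul15.top' does NOT hit 'haizul15.top'."""
    host = host.lower().rstrip(".")
    for d in WATCH_DOMAINS:
        if host == d or host.endswith("." + d):
            return d
    return None


# Assumed log layouts (constructed for this example; adjust to your source):
#   <ts> dns <client> <qname>
#   <ts> proxy <client> <method> <url>
DNS_LINE = re.compile(r"^(?P<ts>\S+) dns (?P<client>\S+) (?P<qname>\S+)$")
PROXY_LINE = re.compile(r"^(?P<ts>\S+) proxy (?P<client>\S+) (?P<method>\S+) (?P<url>\S+)$")


def sweep_logs(lines):
    """Return (ts, client, indicator, detail) tuples for lines that touch an IOC."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line)
        if m:
            d = domain_matches(m["qname"])
            if d:
                hits.append((m["ts"], m["client"], d, "dns:" + m["qname"]))
            continue
        m = PROXY_LINE.match(line)
        if not m:
            continue
        url = m["url"]
        if url == PAYLOAD_URL:                       # exact fetch of the stage-2 payload
            hits.append((m["ts"], m["client"], PAYLOAD_URL, "payload_url"))
            continue
        d = domain_matches(urlsplit(url).hostname or "")
        if d:
            hits.append((m["ts"], m["client"], d, "proxy:" + url))
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sweep_files(files, sha256_iocs=SHA256_IOCS):
    """files: {path: bytes}. Return the paths whose SHA-256 is a known IOC."""
    return sorted(p for p, data in files.items() if sha256_hex(data) in sha256_iocs)


# Constructed sample logs: one client resolves a C2, fetches the payload URL
# and posts to the second C2; a look-alike domain on another client must not fire.
SAMPLE_LOGS = [
    "2024-02-01T10:00:01Z dns 10.0.0.12 www.example.com",
    "2024-02-01T10:00:05Z dns 10.0.0.12 haizul15.top",
    "2024-02-01T10:00:06Z proxy 10.0.0.12 GET http://zelcax01.top/download.php?file=lv.exe",
    "2024-02-01T10:00:09Z proxy 10.0.0.12 POST http://morhas01.top/",
    "2024-02-01T10:01:00Z dns 10.0.0.40 nothaizul15.top",
]

if __name__ == "__main__":
    for hit in sweep_logs(SAMPLE_LOGS):
        print(*hit)
```

The label-boundary check in domain_matches is the part worth keeping: a plain substring match on the C2 domains would also flag unrelated names that merely end in the same characters. Hash matching on the sample's SHA-256 only finds this exact build; the SSDEEP digest in the report is there for fuzzy matching of repacked variants, which needs the ssdeep library and is not covered here.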

Targets

    • Target

      864ca0cdb8af3aa5965ab638cfd1ea2f

    • Size

      1.5MB

    • MD5

      864ca0cdb8af3aa5965ab638cfd1ea2f

    • SHA1

      e4484f4603ee16c9d9aeddb72e7408e23658f963

    • SHA256

      361ed2dd95d2d7fe2e877e383613e76a025007717a7b1527fe5a45f941ae2789

    • SHA512

      50ba3bccf3f459a89b2e4df4090f8cff8ee618404178b5eda534dbbae39850a44fdf1d326e1ebe90f8c56138aaacf0426cc2efe88ae690cbafcf4eb0f5da72d4

    • SSDEEP

      24576:VKX70zuHNxDSk67v0+rrKo6bwjBwaT+fWt7Wj8icV97mw6JhnGKJpZ:IYat+s+rrKo6bwjBZP5iQ7mw8p

    • CryptBot

      A C++ information stealer, widely distributed in bundles with other software.

    • CryptBot payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency wallet files (possible credential harvesting)

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.

    • Target

      Abbozzo.pptx

    • Size

      872KB

    • MD5

      9b4edfa5758375db2c184a31a021d644

    • SHA1

      946052f8480d5aab046e14e5ca91689e1bce50a6

    • SHA256

      c07966c0bb37df2508aa2d0883c5fc71972f7970612b16ecf88f19dc32e238a6

    • SHA512

      b2c866927b7216d2caf23e3540ee6b6e046dde92d7a304481bfa375bf37c4b76b2bf27cdb870165721867631f3ea1473429f88e55498459d48e952192c6c79b1

    • SSDEEP

      12288:2pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:2T3E53Myyzl0hMf1tr7Caw8M01

    Score
    1/10
    • Target

      Bianchezza.pptx

    • Size

      781KB

    • MD5

      b81ffafe420ec5c112adbfb5dbf58dae

    • SHA1

      aed9912ef1f913adae06f3599db37acab0449b6d

    • SHA256

      a1101f7091793e1b903ccae683a92a99f2a0b73d9a286c288d68baad9cd75c1c

    • SHA512

      099ad874cbb9fc5b4a1f676e5e51ae0bcf9e1509b0aab5f0b399a7ffcecda39b611d6e3074354e1ef293ccbf8a9de224c9a4023983dffe51f908504f7e73e7f2

    • SSDEEP

      6144:WeyivOi1CAv84NWx8JhA8p/c8PsEC1NpSCdnRo5ifDliJbCHHs8fkXUjxupiRWCa:HyXiS4NWibDiEapfG4fDlBHHs8XZWz

    Score
    1/10
    • Target

      Mio.pptx

    • Size

      634KB

    • MD5

      b7fcc20dfd1dad2f52303308670bece4

    • SHA1

      4362b80d9b5d958273296521e1c8e364bfd403a4

    • SHA256

      aea28be93e665a4498918f6e8d9cf3a8d8af7118617e4ae6c0eaf37c8518e95a

    • SHA512

      f96cb841956cafc29b66bd8e97ce1a525f89de436248c144f1b743943f33c5ed3e66478a48d000bb4271e59a2cb423bf1bbfc4f83dd3d5780a84f680bd6b4ae4

    • SSDEEP

      12288:Lfa7kysuFyXe5IaB+srivirhs9JoO8X9Hw9+Yk0tUpIwGhpuTKJpbci:TavFyXiIaE+iaqMpdw9JhITKJpn

    Score
    1/10
    • Target

      Nuca.pptx

    • Size

      436B

    • MD5

      fa2f54d119c0712ac756900a882d2311

    • SHA1

      d554388e0652716128b169b5e7f1f21d9d3bd852

    • SHA256

      82796ce435feadbf81245c4ee1b4c47215aee238c87640b595bb41189d542c68

    • SHA512

      ea27b108dace606322b83be48a55d81b9ed98302b5db48f6efd2cb442acc9a6874784051a757fc2b0ba03a5460bf044dab103f936ebbafbd226d85ef92daee85

    Score
    1/10
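
Of the behaviours flagged for the main target, "Executes dropped EXE" and "Adds Run key to start application" are the two that translate directly into host-side detection. The script below is an added example and not from the report: it correlates constructed Sysmon-style events (EventID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent value set) to find a file that was written and then executed, and a Run/RunOnce value that points back at it. The file names, user profile and SID in the sample trace are invented for the demo.

```python
"""Correlate constructed Sysmon-style events for two behaviours the report
lists for the main target: a dropped EXE being executed and a Run-key entry
being written. Added example, not from the sandbox report; event records are
constructed and field names follow Sysmon's (EventID 11 FileCreate,
1 ProcessCreate, 13 RegistryEvent/SetValue)."""
import re

# Autostart locations under HKLM/HKU that the "Adds Run key" behaviour writes to.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def norm(path: str) -> str:
    """Case-fold and strip quotes so paths compare regardless of how they were logged."""
    return path.strip().strip('"').lower()


def analyze(events):
    """events: list of dicts with 'id' plus Sysmon fields. Returns
    'dropped_executed' (processes started from a file created earlier in the
    trace) and 'run_keys' (Run/RunOnce values written, flagged when the value
    points at one of those dropped files)."""
    dropped = {}        # normalized dropped-file path -> image that created it
    findings = {"dropped_executed": [], "run_keys": []}
    for ev in events:
        eid = ev["id"]
        if eid == 11:                                   # FileCreate
            dropped[norm(ev["TargetFilename"])] = ev["Image"]
        elif eid == 1:                                  # ProcessCreate
            img = norm(ev["Image"])
            if img in dropped:
                findings["dropped_executed"].append(
                    {"image": ev["Image"], "dropped_by": dropped[img],
                     "parent": ev["ParentImage"]})
        elif eid == 13 and RUN_KEY.search(ev["TargetObject"]):   # value set under Run
            value = norm(ev["Details"])
            findings["run_keys"].append(
                {"writer": ev["Image"], "key": ev["TargetObject"],
                 "value": ev["Details"],
                 "points_to_dropped": any(p in value for p in dropped)})
    return findings


# Constructed trace: a downloaded installer writes an EXE to %TEMP%, runs it,
# and that EXE registers itself under HKU\...\Run. The Policies write by
# svchost.exe is benign noise that must not match.
SAMPLE_EVENTS = [
    {"id": 1, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"id": 11, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
    {"id": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\victim\Downloads\setup.exe"},
    {"id": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
    {"id": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
```

Sysmon records registry value writes but not registry or file reads, so the other two behaviours in the report, the Uninstall-key lookups and the browser profile reads, are not observable with this event set; they show up in a sandbox trace or in EDR telemetry that captures file and registry reads.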

MITRE ATT&CK Enterprise v15

Tasks