cryptbot | d6255b4b18e6f07c4708cf6344163dfe3197cf403957bf3085a6a737bb37b038 | Triage

Submit
Reports

Overview

overview

Static

static

3

979d1d97ef...c4.exe

windows7-x64

979d1d97ef...c4.exe

windows10-2004-x64

Sharing

General

Target

979d1d97ef97c7ae5737a88e87757ec4
Size

750KB
Sample

240212-z1xwpsdh55
MD5

979d1d97ef97c7ae5737a88e87757ec4
SHA1

90d243cb67821975da1b13582476779eff5be9a5
SHA256

d6255b4b18e6f07c4708cf6344163dfe3197cf403957bf3085a6a737bb37b038
SHA512

05c60e3714d906ea985a923ebda9e2efca17dfe29bfe9169f8e14f7053dd2871d9fa6bafb1d56919c07041be8841cfba82811ac1868398e2587ca25433727b4f
SSDEEP

12288:7RC0TWlTuoyPO3DwWUhREG4HR7cOIiatuSgw8ibKmYjoCM0G3Pll93USBfC:vWlTuzWNOiarzYjoj0G/ll9o

Score

10^/10

cryptbot discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

979d1d97ef97c7ae5737a88e87757ec4.exe

Resource

win7-20231129-en

cryptbot spyware stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

979d1d97ef97c7ae5737a88e87757ec4.exe

Resource

win10v2004-20231222-en

cryptbot discovery spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

smarew72.top

moriwi07.top

Attributes

payload_url
http://guruzo10.top/download.php?file=lv.exe

Targets

- Target
  
  979d1d97ef97c7ae5737a88e87757ec4
- Size
  
  750KB
- MD5
  
  979d1d97ef97c7ae5737a88e87757ec4
- SHA1
  
  90d243cb67821975da1b13582476779eff5be9a5
- SHA256
  
  d6255b4b18e6f07c4708cf6344163dfe3197cf403957bf3085a6a737bb37b038
- SHA512
  
  05c60e3714d906ea985a923ebda9e2efca17dfe29bfe9169f8e14f7053dd2871d9fa6bafb1d56919c07041be8841cfba82811ac1868398e2587ca25433727b4f
- SSDEEP
  
  12288:7RC0TWlTuoyPO3DwWUhREG4HR7cOIiatuSgw8ibKmYjoCM0G3Pll93USBfC:vWlTuzWNOiarzYjoj0G/ll9o
Score

10^/10

cryptbot spyware stealer discovery
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer

© 2018-2024

Terms | Privacy