cryptbot

Sharing

Copy URL

Twitter E-mail

General

Target

e882a1dd4b17dc254c6480775eacc7bc_JaffaCakes118
Size

1.7MB
Sample

240408-1tmmtsch95
MD5

e882a1dd4b17dc254c6480775eacc7bc
SHA1

0f0b5c5dbc4cd3e02009f774e352808712ed607b
SHA256

fcd0904bb17ffe18d018643fc90e7e02889c529b529a8a88e7c527403874379f
SHA512

bb9675f4a9b37e63163c9d810baa3ed1ec3a192b117543aad85ff9a04b07d6aedd80a6d090e623dd583838287f1aa8f0731627f838508a4dbe4bf044c01857fe
SSDEEP

49152:fUKc27m5MIBgW8kLYhNI55KYCOqSwh7Q:fUKcTeIJMk+L9

Score

10^/10

Malware Config

Extracted

Family

cryptbot

smainz71.top

moriwi07.top

Attributes

payload_url
http://guruzo10.top/download.php?file=lv.exe

Targets

- Target
  
  e882a1dd4b17dc254c6480775eacc7bc_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  e882a1dd4b17dc254c6480775eacc7bc
- SHA1
  
  0f0b5c5dbc4cd3e02009f774e352808712ed607b
- SHA256
  
  fcd0904bb17ffe18d018643fc90e7e02889c529b529a8a88e7c527403874379f
- SHA512
  
  bb9675f4a9b37e63163c9d810baa3ed1ec3a192b117543aad85ff9a04b07d6aedd80a6d090e623dd583838287f1aa8f0731627f838508a4dbe4bf044c01857fe
- SSDEEP
  
  49152:fUKc27m5MIBgW8kLYhNI55KYCOqSwh7Q:fUKcTeIJMk+L9
Score

10^/10

cryptbot discovery persistence spyware stealer
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  Inespresso.xlm
- Size
  
  872KB
- MD5
  
  cf31bde37831552fab013aaf8c9f4be6
- SHA1
  
  159fc03c0d082e6c110afa148e7300354015100c
- SHA256
  
  bd6b8c5d28904d2b863702b1903f7a916b1233675e3b2a57330855de90e335cd
- SHA512
  
  b3e543eef5d17165aed0b608a32c66149660bdf763f507063304e893d74132e167e3e28df8ff32a0e6dce01d3843a5a5c14a0c6754e131cf82c6efe618ed0c1b
- SSDEEP
  
  12288:8pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:8T3E53Myyzl0hMf1tr7Caw8M01
Score

1^/10
behavioral2 behavioral3
- Target
  
  Nemica.xlm
- Size
  
  894KB
- MD5
  
  a04bbed6affbcb15ccce225509cd9ca1
- SHA1
  
  a7db9bd56c0abeb9c15fc0deae26c445db95073f
- SHA256
  
  27f09926063ca744ba9f0afb85d45df7b4165f757a1ec88a6f68411591c9e005
- SHA512
  
  963ef7669e8b1b3eed613da2edd00abb54d5854d2ec93eafcfafa2eaa9f4766b72edecc37134f59727fe1622b59f435583bcc3eecae500cc1e6a2b703f870aa9
- SSDEEP
  
  24576:LsahnkIOrsrSLe4wP57uKCHvOmTYfSSFVQ8y:bk5s00P5aKOvOFSSFVQd
Score

1^/10
behavioral4 behavioral5
- Target
  
  Ora.xlm
- Size
  
  456B
- MD5
  
  18b24f12fdd4bd6d5efb8cfbdb678913
- SHA1
  
  f5c907df748cce46ed713cae112c5db4a36ba040
- SHA256
  
  560533a9c03a9ec0befcfe79bbda4af6302b57a567eff87f0a8b74043b427340
- SHA512
  
  c2d019d4e6fbdf22809914d8cd15570f9ac64c0f5cb3bdcbcbb346fa3c1082a564926ceb058337f32c6897f0a620203f2d296bae65516a3dc5436cac2098781a
Score

1^/10
behavioral6 behavioral7
- Target
  
  Sara.xlm
- Size
  
  648KB
- MD5
  
  ba75521f7c6ecec854204a48473fbdca
- SHA1
  
  c07e7a94203325034a513e93edd5da776e6546a2
- SHA256
  
  1b20777078d78e8af6cce703229ee3a1d890f5a91e192923a4ef9c6b64336b25
- SHA512
  
  41cb3346993b18a17d395bad25291882cdd2d4b91dce587c4397a8d952e71f6593b13d1c73d6b578c54ac9ba50b93e6c4f4d8247cfc5b5f0546de8f8c94f4a2a
- SSDEEP
  
  6144:I0UV2T1RP49ZEfDGCnafNYS2R74NGSjrhtmrJuiWQvchSgbJb8BdqGsuYZVDuXDX:Z1tEcBQGKrhZiLsdaqTz6KqR
Score

1^/10
behavioral8 behavioral9