Overview

overview

10

Static

static

3

eeb62173d7...18.exe

windows7-x64

10

eeb62173d7...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    154s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-04-2024 00:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eeb62173d7b2f4d2719c16b1dc2809fe_JaffaCakes118.exe

  • Size

    574KB

  • MD5

    eeb62173d7b2f4d2719c16b1dc2809fe

  • SHA1

    acc4c9e1901a3fb601ce2f4e002023a2d8f3d556

  • SHA256

    6b9e4d4db87e97bddd7428853a603b4cf3de855b1016523bade50bc88904eca2

  • SHA512

    445ba6a41c46bcc86a815a6e293e40e5c7d9fddf91aaf0995791c30f55b0ef1c4fbf45a7a969c07226dcf8c12f2349d355186d11e196345add842cd2f55c7925

  • SSDEEP

    12288:1XW3sCPAMQi9JUK0cxlrS0R+gNrWL3hSh9ak87ti0WMRxwoO:1m8CPAduU5cxMHl3ho9ak87tdp

Score
10/10
cryptbotdiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

haiezf32.top

morcyr03.top
Attributes
  • payload_url

    http://zelstb04.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • CryptBot payload 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eeb62173d7b2f4d2719c16b1dc2809fe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eeb62173d7b2f4d2719c16b1dc2809fe_JaffaCakes118.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of FindShellTrayWindow
    PID:4496
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3984

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Unsecured Credentials

    2
    T1552

    Credentials In Files

    2
    T1552.001

    Discovery

    Query Registry

    2
    T1012

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Data from Local System

    2
    T1005

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ArvrdiZ6X\26WnhhAJARcCG.zip
      Filesize

      37KB

      MD5

      34766529a6148515719569bf651ea292

      SHA1

      7324634e7b9ab9008b85b9b8e9ef8a9897955e58

      SHA256

      79418f19c2bc2b82ecb2b3fd827a81e5891a94772ce8112ba468646b11b28d61

      SHA512

      ec303f8df85d47888e462e31af8e9abd176c550466b0ba08e629909177ead0e76e6cacbe2bf785210e1cc1349a454f619c01033b31801323523047d51d7898b3

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\ArvrdiZ6X\_Files\_Information.txt
      Filesize

      1KB

      MD5

      b2056a9bba4bbe9f72ade25a68aaec8a

      SHA1

      9c27d574c74d81a56b255c01cdbdba0d297e61e5

      SHA256

      69a0812e70784b2db6398373318078990dc7d695f6349e743694a7d27d7c845b

      SHA512

      102a8e935f35f3b0f6f4091030cace68ce05517a88fa9b48a9ac07299f73163f126a4bdac1b7429d8d589e1ffc910c0246b97fcdceb80298862606da84cf5b37

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\ArvrdiZ6X\_Files\_Information.txt
      Filesize

      3KB

      MD5

      bbc858c6a01006d66ae901145801fbce

      SHA1

      e87b2e325c1db0e571121ee5cf43f774a72d4dcf

      SHA256

      d1b9bb0077dcb3f6bb0f861bb60d2e7ff1135842303af29b6d905acc0249f085

      SHA512

      121b14d664d41ea3f4c28643d2508e0b4e45d6ea8ead5c25a711ffb72d154ae5ad1058eeb6f434f1ceec7c06ed7d87d0ba946c4f6935fc28f50c258959eb8fa2

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\ArvrdiZ6X\_Files\_Information.txt
      Filesize

      4KB

      MD5

      4aee1149f6846d92e2fe8ac51a889fbe

      SHA1

      799ed78078362ab28a22dbdb4aaca1475b0a8a19

      SHA256

      181141553ebe4f88ef2d9b84ea6b8fb9678d088e20dfd1e0b02b3acb42993d50

      SHA512

      b1c910a1e926e1338885d5f5670fe9e6448ddca9a096f9dacfb1200220cf68156cf6401e7f3a98bc9a7a6f33d324906e776ef0ab7af5695ea70673e449d530f5

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\ArvrdiZ6X\_Files\_Screen_Desktop.jpeg
      Filesize

      43KB

      MD5

      a5764cf22b5976aac88028abcfd53d5a

      SHA1

      675589498961c126ad97ce75a8303c866b0b3660

      SHA256

      b94f668d447da106bef509dda0949a280889e4bb0596800684fc088539938630

      SHA512

      32059fd669edeebaa4c8590c515b644d75245b2180968d9d0aa46625acd4d5a58d93fb9d1666f78cac16d2e62906139d6934ea360fe7616f806003716f9ba356

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\ArvrdiZ6X\files_\system_info.txt
      Filesize

      746B

      MD5

      fb0b59274f2dc273a1a45be25aff469f

      SHA1

      d9675069bdbc44f7bc851c0610c1ec8bc7b0dfa0

      SHA256

      144f05cdfb122efae6f5420673fa99d41e72a02b9aa5bd7e98a5a07f2832cecf

      SHA512

      4b280b7f00b170cbb3fd3557845509d6ab747b53fb3e3ca43dce734daee1873668cae1b0deaf4b8953bbb8b6a5951dd238404ae79aa7ebb0f5b7d3a2cbd514c3

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\ArvrdiZ6X\files_\system_info.txt
      Filesize

      1KB

      MD5

      bd2b7e04f35adb917401b13f76bf6040

      SHA1

      c7e0ed885793fee4e5efd424f6a8cf85be5d419d

      SHA256

      b5e7fdc9fe745d4cd288e6cd166d34ba62756e04913caf90d92894a80cd98373

      SHA512

      0f9417a89b796b7b9618397d4b7edcbf2ef2fbd6d6ad946cc943d24c786d46e32b1d06c874f282bbdbf2114aa3f20fef0ded1cde85d1bae90d48860268cd4c9d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\ArvrdiZ6X\files_\system_info.txt
      Filesize

      7KB

      MD5

      dacb88beef1c66255a474085517602bd

      SHA1

      6865bf07312f4a99bb11a1f65005a36f060be54b

      SHA256

      b83c17e40aeef02682881e60319fd5395023c9c780b6641d7e850e98296c742c

      SHA512

      ce75ab978a58bf87380f946250cfc4b7662077c9f2f19b027674da333b93fa8c3b2f605f41d0defeb389cee9174d91738a5f36f1a9424faae19cc19105279dd4

      Download Submit
    • memory/4496-5-0x0000000000400000-0x0000000002CC7000-memory.dmp
      Filesize

      40.8MB

      Download
    • memory/4496-114-0x0000000000400000-0x0000000002CC7000-memory.dmp
      Filesize

      40.8MB

      Download
    • memory/4496-4-0x0000000000400000-0x0000000002CC7000-memory.dmp
      Filesize

      40.8MB

      Download
    • memory/4496-3-0x0000000000400000-0x0000000002CC7000-memory.dmp
      Filesize

      40.8MB

      Download
    • memory/4496-1-0x0000000003000000-0x0000000003100000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4496-218-0x0000000000400000-0x0000000002CC7000-memory.dmp
      Filesize

      40.8MB

      Download
    • memory/4496-219-0x0000000003000000-0x0000000003100000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4496-220-0x0000000004A90000-0x0000000004B30000-memory.dmp
      Filesize

      640KB

      Download
    • memory/4496-2-0x0000000004A90000-0x0000000004B30000-memory.dmp
      Filesize

      640KB

      Download