cryptbot | 262448352a09eb1da2f969f825c849cce7ec7dbcb79deda59611ca94fa7f099b | Triage

Submit
Reports

Overview

overview

Static

static

3813337991...5f.exe

windows7-x64

7

3813337991...5f.exe

windows10-2004-x64

7

Sharing

General

Target

262448352a09eb1da2f969f825c849cce7ec7dbcb79deda59611ca94fa7f099b
Size

134KB
Sample

240417-r3mjrace73
MD5

56735bfaafb1597fa6a904a11e373d2c
SHA1

11ed0afcbd705607a663ac6b299939c3a9864c76
SHA256

262448352a09eb1da2f969f825c849cce7ec7dbcb79deda59611ca94fa7f099b
SHA512

0058d7eea12be04056ed79ec61234833cdc011be75fdfaf37dcf72d9bb7c7695488896d2e7cbf8f88056b228c6f1141eca4db047dfffe72903107e5d30363014
SSDEEP

3072:xPfUETU+8N8acM2Ol/tniEjS97Mn8/4toQRSdqoNMu8dEUPhzMvYv:xnU3/BtiEu97Q8UoQoY5rdpZgQv

Score

10^/10

cryptbot discovery spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

Resource

win7-20240221-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

Resource

win10v2004-20240226-en

discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

unic16m.top

unic16e.top

Targets

- Target
  
  381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
- Size
  
  280KB
- MD5
  
  681457fa460dff885eef657f166d5ef8
- SHA1
  
  44cac83393e0d6d083f0f2ae064090e2478f715b
- SHA256
  
  381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
- SHA512
  
  369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
- SSDEEP
  
  6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt
Score

7^/10

discovery spyware stealer
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy