General

  • Target

    f93df5b9d273ec9921943e36de014dfc_JaffaCakes118

  • Size

    759KB

  • Sample

    240419-b9kezaee2x

  • MD5

    f93df5b9d273ec9921943e36de014dfc

  • SHA1

    95d42a9e6c989ebd15b24c2ae997b142f5c063cd

  • SHA256

    194c939150cd885553cc6e02f1c8dbe5fb7bf327556245d76d6ea165ec959670

  • SHA512

    4fd5fbc6cd08367de3bbf71d05dd5ef0dd205ee8655b4511ff6249db2d47870a8173fee158a66bab55d8bcf5c02cb4f402584d23274fd8184d24264657e60cf0

  • SSDEEP

    12288:afyWzL1hFtK0pMQS3NRLSbL/3PiSQ9GLLsHBsVIdEJ6p206Z0yY9qigKekeqn/:sL1hFtK+9vPc9G4BsZP0RyABePqn/

Malware Config

Extracted

  • Family

    cryptbot

  • C2

    smarew72.top

    moriwi07.top

  • Attributes

    payload_url: http://guruzo10.top/download.php?file=lv.exe

Targets

    • CryptBot

      A C++ stealer, widely distributed bundled with other software.

    • CryptBot payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic             | Technique                     | ID        | Count
  -------------------|-------------------------------|-----------|------
  Credential Access  | Unsecured Credentials         | T1552     | 2
  Credential Access  | Credentials In Files          | T1552.001 | 2
  Discovery          | Query Registry                | T1012     | 3
  Discovery          | System Information Discovery  | T1082     | 3
  Collection         | Data from Local System        | T1005     | 2

Tasks