cryptbot | 2027a3fc488a5ecfa69e9a9057c8975e2d28cd6c937197ec69fc896c971285c3 | Triage

Submit
Reports

Overview

overview

Static

static

3

fe905ed17b...18.exe

windows10-2004-x64

Sharing

General

Target

fe905ed17bcf3e53a9a38f0ace182e96_JaffaCakes118
Size

1.5MB
Sample

240421-gcqtdacg8y
MD5

fe905ed17bcf3e53a9a38f0ace182e96
SHA1

ff1cefd1d5310c2d1aee48f770753bd7cd64e669
SHA256

2027a3fc488a5ecfa69e9a9057c8975e2d28cd6c937197ec69fc896c971285c3
SHA512

4c09285f0629ead58770238b2637abd561ec39748336526903fa943cc3a11cf51c1d5c38d5d145b8d857cfa3f3fc12a85d288797c398c284de817f51ccf087c7
SSDEEP

24576:fFb534xD3XpyiIkLlHpEZDsKdW4RvYijfWHaAZ0iWc7MupkAy/jLAT5FrFlPMtcm:Jh4ZdZpyDsKdWbijoT5fMupfILWlBpMt

Score

10^/10

cryptbot discovery persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fe905ed17bcf3e53a9a38f0ace182e96_JaffaCakes118.exe

Resource

win10v2004-20240412-en

cryptbot discovery persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

ewaqfe45.top

morjau04.top

Attributes

payload_url
http://winhaf05.top/download.php?file=lv.exe

Targets

- Target
  
  fe905ed17bcf3e53a9a38f0ace182e96_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  fe905ed17bcf3e53a9a38f0ace182e96
- SHA1
  
  ff1cefd1d5310c2d1aee48f770753bd7cd64e669
- SHA256
  
  2027a3fc488a5ecfa69e9a9057c8975e2d28cd6c937197ec69fc896c971285c3
- SHA512
  
  4c09285f0629ead58770238b2637abd561ec39748336526903fa943cc3a11cf51c1d5c38d5d145b8d857cfa3f3fc12a85d288797c398c284de817f51ccf087c7
- SSDEEP
  
  24576:fFb534xD3XpyiIkLlHpEZDsKdW4RvYijfWHaAZ0iWc7MupkAy/jLAT5FrFlPMtcm:Jh4ZdZpyDsKdWbijoT5fMupfILWlBpMt
Score

10^/10

cryptbot discovery persistence spyware stealer
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot payload
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptbotdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy