General

  • Target

    1bf7cdb7e9e4bb12b05fac24d3b5e8756a0055898934c0afacb08e3b469e4a74.exe

  • Size

    1.9MB

  • Sample

    240904-phr8dszcmr

  • MD5

    00199aac9400a4f9793169130094c4cc

  • SHA1

    aeab187366c367e9ed2f46ef463bc7292ecc8b0f

  • SHA256

    1bf7cdb7e9e4bb12b05fac24d3b5e8756a0055898934c0afacb08e3b469e4a74

  • SHA512

    631e45078ca0152d07fec0677298afd24fc7a4de67e9d71892e7bd25e05f00bb884b732db22f7bcb902adef9938b5d7036536a95b10cf76fdeb44636cf9c08e6

  • SSDEEP

    49152:Zsvh3cKkvW2oH843/YM4tgY4BnjpOquIrQW:Zs8We43wM0gYYjpzuIrn

Malware Config

Extracted

Family

cryptbot

C2

eihxv18sr.top

analforeverlovyu.top

Attributes

  • url_path

    /v1/upload.php

Targets

    • Target

      1bf7cdb7e9e4bb12b05fac24d3b5e8756a0055898934c0afacb08e3b469e4a74.exe

    • Size

      1.9MB

    • MD5

      00199aac9400a4f9793169130094c4cc

    • SHA1

      aeab187366c367e9ed2f46ef463bc7292ecc8b0f

    • SHA256

      1bf7cdb7e9e4bb12b05fac24d3b5e8756a0055898934c0afacb08e3b469e4a74

    • SHA512

      631e45078ca0152d07fec0677298afd24fc7a4de67e9d71892e7bd25e05f00bb884b732db22f7bcb902adef9938b5d7036536a95b10cf76fdeb44636cf9c08e6

    • SSDEEP

      49152:Zsvh3cKkvW2oH843/YM4tgY4BnjpOquIrQW:Zs8We43wM0gYYjpzuIrn

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks