General

  • Target

    4ede76c640451711fc0a66f4bd5c5ef024f02affe68d2f9d8c9436092d4155e6

  • Size

    6.3MB

  • Sample

    240906-3j7alatdpe

  • MD5

    86f618c655fd1c22ec6e1ce683156611

  • SHA1

    35ca2833b399fd7bd5bc58dc1ce5cacaae006f64

  • SHA256

    4ede76c640451711fc0a66f4bd5c5ef024f02affe68d2f9d8c9436092d4155e6

  • SHA512

    72a58d2843eb0c10700fc82e89519590159064f0bbac72d4041a819e0ec4124df67778069b367f9d93ef46860f938195acb4d3de9e01e0c2001ed3b3f7390056

  • SSDEEP

    49152:rJqDRJ3ilTFrSC9kIgREDcoGeaaKMeVN/MePiyyWkk234yXYaspHoN2AdXsMDzs7:rVlxWWkLREDcDeabRLXgk941IXv

Malware Config

Extracted

  • Family

    cryptbot

  • C2

    siv6pt.top

    analforeverlovyu.top

  • Attributes

    url_path: /v1/upload.php

Targets

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks