General

  • Target

    5f1cbbb7d463d65ca2eab574a616b7f6d9b495aecca199a440604d95e42eef0f

  • Size

    6.4MB

  • Sample

    240906-z4lmvayarl

  • MD5

    d686f7fab3325c64d8d0afa29c2b1957

  • SHA1

    5c8b2c5e4e834d6ed1c5c96549a5e24c3d54538a

  • SHA256

    5f1cbbb7d463d65ca2eab574a616b7f6d9b495aecca199a440604d95e42eef0f

  • SHA512

    e0f91a93a3479335bfbad2f52c4fba8a90bd515e7175e2ce589383fa8cae5373452ba5719965be678c16b8f37b8a042160a70edd17617b7c3b756048f5e9a4ec

  • SSDEEP

    98304:R+5lqRBZUOd+hR3CN0EJNAj8xDQi9yaKgl/qENeVAYleI:RGqnOOdYtCNhJNl8yyaKglyKeVpeI

Malware Config

Extracted

Family

cryptbot

C2

fivev5pt.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • Target

      5f1cbbb7d463d65ca2eab574a616b7f6d9b495aecca199a440604d95e42eef0f

    • Size

      6.4MB

    • MD5

      d686f7fab3325c64d8d0afa29c2b1957

    • SHA1

      5c8b2c5e4e834d6ed1c5c96549a5e24c3d54538a

    • SHA256

      5f1cbbb7d463d65ca2eab574a616b7f6d9b495aecca199a440604d95e42eef0f

    • SHA512

      e0f91a93a3479335bfbad2f52c4fba8a90bd515e7175e2ce589383fa8cae5373452ba5719965be678c16b8f37b8a042160a70edd17617b7c3b756048f5e9a4ec

    • SSDEEP

      98304:R+5lqRBZUOd+hR3CN0EJNAj8xDQi9yaKgl/qENeVAYleI:RGqnOOdYtCNhJNl8yyaKglyKeVpeI

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks