General

  • Target

    33aa15840fa1e968dd2b34e3a1e778a4999492548e8c5021fb6cb16d70ffdeef

  • Size

    6.3MB

  • Sample

    240907-dznezssepm

  • MD5

    91fbabbbc614002c9b6e4fcc4d9be7be

  • SHA1

    eb802b7f79472d4af54724f8f1f52d97919d9666

  • SHA256

    33aa15840fa1e968dd2b34e3a1e778a4999492548e8c5021fb6cb16d70ffdeef

  • SHA512

    d62503d171391d4a481918aabc2d31b537bd4e4c633d63f750c5206a086042b595b706e17991642bcbb2fe069797af7fb2746961fe54dbf9fe8dd0b788687e14

  • SSDEEP

    98304:FUcLE2Iy5Eq0NalFV9YK4UyfPQPpfb4BmJnBSvEsgA9zSgnQ9JAC3dSXPN:F/BMEpMcJnItL/YtSXl

Malware Config

Extracted

Family

cryptbot

C2

fiftv15pt.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • Target

      33aa15840fa1e968dd2b34e3a1e778a4999492548e8c5021fb6cb16d70ffdeef

    • Size

      6.3MB

    • MD5

      91fbabbbc614002c9b6e4fcc4d9be7be

    • SHA1

      eb802b7f79472d4af54724f8f1f52d97919d9666

    • SHA256

      33aa15840fa1e968dd2b34e3a1e778a4999492548e8c5021fb6cb16d70ffdeef

    • SHA512

      d62503d171391d4a481918aabc2d31b537bd4e4c633d63f750c5206a086042b595b706e17991642bcbb2fe069797af7fb2746961fe54dbf9fe8dd0b788687e14

    • SSDEEP

      98304:FUcLE2Iy5Eq0NalFV9YK4UyfPQPpfb4BmJnBSvEsgA9zSgnQ9JAC3dSXPN:F/BMEpMcJnItL/YtSXl

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks