General

  • Target

    8691fbd230c961683f85d71baf197db1827b1f0171709ff042c98210395852cb

  • Size

    6.3MB

  • Sample

    240907-gt7s8aycpq

  • MD5

    9436c3bedc77e9213a52c15f22ae6aaf

  • SHA1

    dfe2814080dca3b704f301733db259cc1843a0e8

  • SHA256

    8691fbd230c961683f85d71baf197db1827b1f0171709ff042c98210395852cb

  • SHA512

    310a460bb992760e0c58b25524b468ee3e91293aa730039c0903adbb51f72841df994090dd1e228c43707f2a562979089eb822e10aacb480719da84352061f7b

  • SSDEEP

    49152:92ckb8jl5aDizTNFHjJgMnpWXq14Kb6Lm4dsU016vi5h/WBR4L7alGUW5/GbEH5J:92cvB5aslRnKu4Kb6L3dsrqAbSsSIJz

Malware Config

Extracted

Family

cryptbot

C2

threv3pt.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • Target

      8691fbd230c961683f85d71baf197db1827b1f0171709ff042c98210395852cb

    • Size

      6.3MB

    • MD5

      9436c3bedc77e9213a52c15f22ae6aaf

    • SHA1

      dfe2814080dca3b704f301733db259cc1843a0e8

    • SHA256

      8691fbd230c961683f85d71baf197db1827b1f0171709ff042c98210395852cb

    • SHA512

      310a460bb992760e0c58b25524b468ee3e91293aa730039c0903adbb51f72841df994090dd1e228c43707f2a562979089eb822e10aacb480719da84352061f7b

    • SSDEEP

      49152:92ckb8jl5aDizTNFHjJgMnpWXq14Kb6Lm4dsU016vi5h/WBR4L7alGUW5/GbEH5J:92cvB5aslRnKu4Kb6L3dsrqAbSsSIJz

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks