General

  • Target

    039f5c692ba1c67c6e9b475738f40f4311e5e5625e4390d5e51685f6b4e548b8

  • Size

    6.3MB

  • Sample

    240907-pd1c7stgkg

  • MD5

    45b55d1e5d2bf60cc572f541ae6fa7d1

  • SHA1

    2329f56147a299bcdbf20520e626cc8253e49a8d

  • SHA256

    039f5c692ba1c67c6e9b475738f40f4311e5e5625e4390d5e51685f6b4e548b8

  • SHA512

    5483964e050b2be073d3cf966b6dd6271556d4adfb420fb9ecf81f42f27cd06727016292dceb9a282f9fdcb451507309d1a78f58dd5d84e3022c0ea20c58dbe2

  • SSDEEP

    49152:rDiHluIUMaBlQkeq99ytafJLHQH9UdaRESvgKQUN7LpNoyuwHw6c+M8rUr+9r:qABlQkeq9gtafJzQdUdatpgwdM8rUr4r

Malware Config

Extracted

Family

cryptbot

C2

fivev5sb.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15