General

  • Target

    08513024393b06758c2877866c7d1c491d6cabc6a0660e462ef86e1e41436d47

  • Size

    6.4MB

  • Sample

    240907-sr4jkascnf

  • MD5

    86009878e773a32559fc89f0aabd0119

  • SHA1

    4d038229bf1c2ef0b0d8eda5548a482bb968bdd7

  • SHA256

    08513024393b06758c2877866c7d1c491d6cabc6a0660e462ef86e1e41436d47

  • SHA512

    e98e21473e489b3a3a8d72647242aad9b29474dc97c77d4c38348bc5aa7f1219344dcbd79392e0607ec436e9faa36adf675b15141e6515e2979ad92deaa38415

  • SSDEEP

    98304:afbMZZqPt08wj1NPuZCQmrwiFW+ME05DA17:afbuQt0v1JuZwrq+zADA17

Malware Config

Extracted

Family

cryptbot

C2

analforeverlovyu.top

siv6sb.top

Attributes

  • url_path

    /v1/upload.php

Targets

    • Target

      08513024393b06758c2877866c7d1c491d6cabc6a0660e462ef86e1e41436d47

    • Size

      6.4MB

    • MD5

      86009878e773a32559fc89f0aabd0119

    • SHA1

      4d038229bf1c2ef0b0d8eda5548a482bb968bdd7

    • SHA256

      08513024393b06758c2877866c7d1c491d6cabc6a0660e462ef86e1e41436d47

    • SHA512

      e98e21473e489b3a3a8d72647242aad9b29474dc97c77d4c38348bc5aa7f1219344dcbd79392e0607ec436e9faa36adf675b15141e6515e2979ad92deaa38415

    • SSDEEP

      98304:afbMZZqPt08wj1NPuZCQmrwiFW+ME05DA17:afbuQt0v1JuZwrq+zADA17

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks