Extracted

• • Target

    8e77959a322818f06533b81d7bc00b36218439d722d2d64f8e78c0a1ec53a03e

  • Size

    6.4MB

  • MD5

    cacc70f8664e2e64794ca8f050efbbf3

  • SHA1

    35fff7e73ca52ed27f2e37519cc79dc3259bdc9e

  • SHA256

    8e77959a322818f06533b81d7bc00b36218439d722d2d64f8e78c0a1ec53a03e

  • SHA512

    df7eaff621e6683244cb33afd1232ebfeec9da1b4666db87f983f16f7cbe2e04668ebdd3fdcfffa6fea05d9dbd0009e3b2e3490a896574bb072e4ab96dfd8241

  • SSDEEP

    98304:gCApbmXuBRlox66Z8sTONqiy7bRyLK3FjK9mC0n0rePt4MPqA7y:VAp3W8sTviA1ye3Fj6W7tx7y

  Score

  10^/10

  cryptbotcredential_accessdiscoveryspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2