General
Target: 33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184
Size: 6.4MB
Sample: 240908-t5z9qswerk
MD5: 6fe57f17e8f05dbfaef51dff071d5dfe
SHA1: 6e2c04d41f7224d00f2ee00d8367597db3c2d2e1
SHA256: 33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184
SHA512: 82cd5fe0744a929f0842a8763aeb0dc9579b8ea1d407f37f21f26a5eddf293545c43e7fcaedb8c41ca356551abd11662fb4a3677aba57515fcf0934eff65ee5c
SSDEEP: 98304:wgb/KWKVxvjJphjT3d8NWl2lK9YIx81n2:B/KWKjtjpEWWn2
Static task: static1
Behavioral task: behavioral1
  Sample: 33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184.exe
  Resource: win10v2004-20240802-en
Behavioral task: behavioral2
  Sample: 33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184.exe
  Resource: win11-20240802-en
Malware Config
Extracted: cryptbot
  threv3sb.top
  analforeverlovyu.top
  url_path: /v1/upload.php
Targets
Target: 33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184
Size: 6.4MB
MD5: 6fe57f17e8f05dbfaef51dff071d5dfe
SHA1: 6e2c04d41f7224d00f2ee00d8367597db3c2d2e1
SHA256: 33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184
SHA512: 82cd5fe0744a929f0842a8763aeb0dc9579b8ea1d407f37f21f26a5eddf293545c43e7fcaedb8c41ca356551abd11662fb4a3677aba57515fcf0934eff65ee5c
SSDEEP: 98304:wgb/KWKVxvjJphjT3d8NWl2lK9YIx81n2:B/KWKjtjpEWWn2
Score: 10/10
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.