General

  • Target

    33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184

  • Size

    6.4MB

  • Sample

    240908-t5z9qswerk

  • MD5

    6fe57f17e8f05dbfaef51dff071d5dfe

  • SHA1

    6e2c04d41f7224d00f2ee00d8367597db3c2d2e1

  • SHA256

    33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184

  • SHA512

    82cd5fe0744a929f0842a8763aeb0dc9579b8ea1d407f37f21f26a5eddf293545c43e7fcaedb8c41ca356551abd11662fb4a3677aba57515fcf0934eff65ee5c

  • SSDEEP

    98304:wgb/KWKVxvjJphjT3d8NWl2lK9YIx81n2:B/KWKjtjpEWWn2

Malware Config

Extracted

Family

cryptbot

C2

threv3sb.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • Target

      33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184

    • Size

      6.4MB

    • MD5

      6fe57f17e8f05dbfaef51dff071d5dfe

    • SHA1

      6e2c04d41f7224d00f2ee00d8367597db3c2d2e1

    • SHA256

      33b1feca63927883a06a667d13255b0db73c87ff11bfa396cff5f691e1983184

    • SHA512

      82cd5fe0744a929f0842a8763aeb0dc9579b8ea1d407f37f21f26a5eddf293545c43e7fcaedb8c41ca356551abd11662fb4a3677aba57515fcf0934eff65ee5c

    • SSDEEP

      98304:wgb/KWKVxvjJphjT3d8NWl2lK9YIx81n2:B/KWKjtjpEWWn2

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks