Extracted

• • Target

    c56917c40623e6f97fb1168b7586d3434b3ba23e0ddaa40ebe455ff7ab7db2ff

  • Size

    6.4MB

  • MD5

    f7f25eb4fb89302ddfc596ad4dfb2907

  • SHA1

    0a6f2cffb64eef1b4f698427bd3144fb2c679f63

  • SHA256

    c56917c40623e6f97fb1168b7586d3434b3ba23e0ddaa40ebe455ff7ab7db2ff

  • SHA512

    27fdbf978393f1d41c13f36e9ce5dff79b332d9039207d21e1b6fedd7a13f42dc30cd5f06096d8cd29fb7cd97243fbb6da77abe5842cbf018ecbe0a18a23f951

  • SSDEEP

    98304:5DzbDAvp1RKnKWQEOVIx6jP4EEzC/PxWfdxFL2PbuNUde:5DzbDAvPRKvLcIxd0spqPbjde

  Score

  10^/10

  cryptbotcredential_accessdiscoveryspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2