General

  • Target

    Set-up.exe

  • Size

    6.3MB

  • Sample

    240910-aaz6psxalr

  • MD5

    3406055d6c38b0219192413e4cd18a2b

  • SHA1

    80be1c096353caae8b01182b39df81191ae7924f

  • SHA256

    008363271c52663213d521af1a6c9cf1b9e2d4be17a629ff6079a69e796236c8

  • SHA512

    077c2fe82e5093b5bd3912ffb307495c3a58e03b2eb4c5003c30e07b0bf41012d695c1525b4ff138c9a0e4427b70a6732873b17aa5c06cf830ab56e0fa7d6311

  • SSDEEP

    98304:ui+pBnmP/EW4Cz1NEG7NWOxUFXjn+xjYQEaTZFBHSbKu0:uRTW4Cy4NwneLEaTZFBHfu0
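The digests above are the quickest way to confirm whether a quarantined file is this sample. The following script is an added example for this report, not code from the sandbox or from the malware: it hashes a file once with all four algorithms and compares the result with the values listed above. The IOC digests are copied from the report; the function names and the in-memory demo input are assumptions. ssdeep is deliberately left out, since it is not in the Python standard library and needs the separate ssdeep package.

```python
"""Hash a file once and compare it with the hashes published for Set-up.exe.

Added example for this report, not code from the sandbox or the malware.
The four IOC digests are the ones listed above; everything else (function
names, the demo input in hash_bytes) is constructed. ssdeep is left out:
it is not in the standard library and needs the separate ssdeep package.
"""
import hashlib
import io

SETUP_EXE_IOCS = {
    "md5": "3406055d6c38b0219192413e4cd18a2b",
    "sha1": "80be1c096353caae8b01182b39df81191ae7924f",
    "sha256": "008363271c52663213d521af1a6c9cf1b9e2d4be17a629ff6079a69e796236c8",
    "sha512": "077c2fe82e5093b5bd3912ffb307495c3a58e03b2eb4c5003c30e07b0bf41012d695c1525b4ff138c9a0e4427b70a6732873b17aa5c06cf830ab56e0fa7d6311",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(fileobj, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for a binary stream, reading it once.

    All four hashers are fed from the same chunks, so a 6.3 MB sample is
    read from disk a single time instead of four.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, chunk_size=1 << 20):
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return hash_stream(io.BytesIO(data), chunk_size)


def match_iocs(digests, iocs=SETUP_EXE_IOCS):
    """Return the algorithms whose digest equals the IOC value.

    Comparison is case-insensitive since reports and tools disagree on hex
    case. An md5/sha1 hit without a matching sha256 should be treated as a
    transcription error or collision, not as a positive identification.
    """
    return [name for name in ALGORITHMS
            if name in iocs and digests.get(name, "").lower() == iocs[name].lower()]


def triage_file(path, iocs=SETUP_EXE_IOCS):
    """Hash the file at `path` and return (digests, matching_algorithms)."""
    with open(path, "rb") as f:
        digests = hash_stream(f)
    return digests, match_iocs(digests, iocs)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests, hits = triage_file(path)
        verdict = "MATCH on " + ", ".join(hits) if hits else "no match"
        print(f"{path}: sha256={digests['sha256']} -> {verdict}")
```

Run it as `python triage.py suspect.exe`; a match on sha256 or sha512 is conclusive, while an md5-only hit with a differing sha256 points at a typo in the indicator rather than at this sample.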

Malware Config

Extracted

Family

cryptbot

C2

fiftv15pn.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php
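The extracted config gives two C2 hosts and an upload path, which is enough for a network detection. The script below is an added example and not part of the sandbox report: it classifies proxy log lines against those indicators. The hosts and `/v1/upload.php` come from the config above; HTTP is assumed as the channel because the report gives a URL path. The log layout ("timestamp client method url"), the sample lines and the function names are constructed for the demo and will need adapting to a real proxy format.

```python
"""Scan HTTP proxy log lines for the CryptBot C2 extracted from this sample.

Added example, not part of the sandbox report. The two C2 hosts and the
/v1/upload.php path are taken from the config above; the report gives a URL
path, so HTTP is assumed to be the channel. The log layout
("timestamp client method url") and the sample lines are constructed.
"""
import re
from urllib.parse import urlsplit

C2_DOMAINS = ("fiftv15pn.top", "analforeverlovyu.top")
C2_UPLOAD_PATH = "/v1/upload.php"

# Minimal constructed proxy log format; adapt the regex to your proxy.
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")

# Constructed sample lines: C2 host, C2 upload, lookalike path on an internal
# host, a lookalike domain that must not match, and a C2 subdomain on a port.
SAMPLE_LOG = """\
2024-09-10T00:31:02Z 10.0.0.15 GET http://fiftv15pn.top/
2024-09-10T00:31:05Z 10.0.0.15 POST http://ANALFOREVERLOVYU.top/v1/upload.php
2024-09-10T00:31:07Z 10.0.0.22 POST https://intranet.example/v1/upload.php
2024-09-10T00:31:09Z 10.0.0.23 GET http://notfiftv15pn.top/index.html
2024-09-10T00:31:11Z 10.0.0.15 GET http://cdn.fiftv15pn.top:8080/x
"""


def host_matches_c2(host):
    """True for a C2 domain or any subdomain of it.

    Suffix matching is anchored on a dot so 'notfiftv15pn.top' is not a hit;
    a trailing dot (FQDN form in some DNS logs) is tolerated.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def classify(line):
    """Return a finding dict for one log line, or None if it is clean."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m["url"])
    host = parts.hostname or ""           # lower-cased, port stripped
    to_c2 = host_matches_c2(host)
    upload = m["method"] == "POST" and parts.path == C2_UPLOAD_PATH
    if to_c2 and upload:
        confidence, reason = "high", "POST to CryptBot upload endpoint on C2 host"
    elif to_c2:
        confidence, reason = "high", "traffic to CryptBot C2 host"
    elif upload:
        # Generic path: worth a look, but not proof on its own.
        confidence, reason = "low", "POST to /v1/upload.php on non-C2 host"
    else:
        return None
    return {"ts": m["ts"], "client": m["client"], "host": host,
            "confidence": confidence, "reason": reason}


def scan_log(lines):
    """Classify every line and return the findings in log order."""
    return [f for f in map(classify, lines) if f is not None]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f"[{f['confidence']}] {f['ts']} {f['client']} -> {f['host']}: {f['reason']}")
```

Host matching is done on the parsed hostname rather than by substring search, so a lookalike registration such as `notfiftv15pn.top` does not trigger, while subdomains and non-standard ports do. The path alone is rated low because `/v1/upload.php` is generic enough to appear on legitimate services.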

Targets

    • Target

      Set-up.exe

    • Size

      6.3MB

    • MD5

      3406055d6c38b0219192413e4cd18a2b

    • SHA1

      80be1c096353caae8b01182b39df81191ae7924f

    • SHA256

      008363271c52663213d521af1a6c9cf1b9e2d4be17a629ff6079a69e796236c8

    • SHA512

      077c2fe82e5093b5bd3912ffb307495c3a58e03b2eb4c5003c30e07b0bf41012d695c1525b4ff138c9a0e4427b70a6732873b17aa5c06cf830ab56e0fa7d6311

    • SSDEEP

      98304:ui+pBnmP/EW4Cz1NEG7NWOxUFXjn+xjYQEaTZFBHSbKu0:uRTW4Cy4NwneLEaTZFBHfu0

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software, typically cracked or pirated installers.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
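Two of the behaviours above, "Executes dropped EXE" and "Loads dropped DLL", are directly observable on an endpoint as a file write followed by a process start or image load of the same path. The script below is an added example, not part of the sandbox report: it correlates Sysmon-style events to raise those two alerts. The Sysmon event IDs and field names are real (11 FileCreate with TargetFilename, 1 ProcessCreate with Image, 7 ImageLoad with ImageLoaded), but the flat-dict event layout, the file paths and the event stream are constructed for the demo.

```python
"""Spot "Executes dropped EXE" and "Loads dropped DLL" in Sysmon-style telemetry.

Added example, not part of the sandbox report. Sysmon event IDs and field
names are real (11 FileCreate/TargetFilename, 1 ProcessCreate/Image,
7 ImageLoad/ImageLoaded); the flat-dict event layout, the paths and the
event stream itself are constructed for the demo.
"""
FILE_CREATE, PROCESS_CREATE, IMAGE_LOAD = 11, 1, 7


def normalize(path):
    """Case- and separator-insensitive key, since NTFS paths are."""
    return path.replace("/", "\\").lower()


def find_dropped_executions(events):
    """Return alerts for files written in this stream and later run or loaded.

    Events must be in time order. Each FileCreate is remembered with the
    writing process; a later ProcessCreate whose Image is a remembered file,
    or an ImageLoad whose ImageLoaded is, produces an alert. A file that is
    executed before it is written is not a "drop then run" pattern and is
    ignored.
    """
    dropped = {}   # normalized path -> FileCreate event that wrote it
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        if eid == FILE_CREATE:
            dropped[normalize(ev["TargetFilename"])] = ev
            continue
        if eid == PROCESS_CREATE:
            rule, target = "executes_dropped_exe", ev["Image"]
        elif eid == IMAGE_LOAD:
            rule, target = "loads_dropped_dll", ev["ImageLoaded"]
        else:
            continue
        writer = dropped.get(normalize(target))
        if writer is not None:
            alerts.append({"rule": rule, "file": target,
                           "dropper": writer["Image"], "actor": ev["Image"]})
    return alerts


# Constructed paths for the demo (not taken from the sandbox run).
SETUP = r"C:\Users\victim\Downloads\Set-up.exe"
STAGE2 = r"C:\Users\victim\AppData\Local\Temp\drop\stage2.exe"
HELPER = r"C:\Users\victim\AppData\Local\Temp\drop\helper.dll"

# Constructed event stream: drop two files, run the EXE, load the DLL,
# plus benign noise and an out-of-order case that must not alert.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": SETUP, "TargetFilename": STAGE2},
    {"EventID": 11, "Image": SETUP, "TargetFilename": HELPER},
    {"EventID": 1, "Image": STAGE2, "ParentImage": SETUP},
    {"EventID": 7, "Image": STAGE2, "ImageLoaded": HELPER.upper()},
    {"EventID": 7, "Image": STAGE2, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Temp\later.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Temp\later.exe", "TargetFilename": r"C:\Temp\later.exe"},
]

if __name__ == "__main__":
    for a in find_dropped_executions(SAMPLE_EVENTS):
        print(f"{a['rule']}: {a['actor']} -> {a['file']} (written by {a['dropper']})")
```

Path keys are normalized before lookup because the loader path in event 7 may differ in case from the path Sysmon recorded at write time; without that, the DLL load would be missed. The registry-based signatures in the list (country code lookup, Uninstall key enumeration) are not covered here, since Sysmon does not log registry reads.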

MITRE ATT&CK Enterprise v15
