General

  • Target

    7cf0185642f838bbc7302042ab125738.bin

  • Size

    2.3MB

  • Sample

    240910-bt6chasaqc

  • MD5

    4fc7f254f10d2e9ecc2501584b63544a

  • SHA1

    eb7316eff3bcd17e3b00b3b8dc8d1833eb168a00

  • SHA256

    8c06e311cc5c322f33b0a86468086bcdaa2754763b98948a4558a157d06f109d

  • SHA512

    b52894866ddd66ffbb4bf0eb372a6629759154c8fd79e6edee3905c0f3184e7c3a5b713604f3817b863971f564b7660acf04eb2f5f9cf74d3dad3066c33d816e

  • SSDEEP

    49152:I6rdeR8DjCOys8bApqAWp2t0O7341e/Q7WM6lXcOeS1P:I6rdeR4+KJWG0e341j56lXKS1P

Malware Config

Extracted

Family

cryptbot

C2

twov2sb.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • Target

      8308a1f017b0424a8454d518ac05fcac0a7303e78fbbb1ab917ed311f1a1e8c3.exe

    • Size

      6.3MB

    • MD5

      7cf0185642f838bbc7302042ab125738

    • SHA1

      3f3ceaa4357b16cf858bb41164b65abfd8525bc9

    • SHA256

      8308a1f017b0424a8454d518ac05fcac0a7303e78fbbb1ab917ed311f1a1e8c3

    • SHA512

      fd07883848044c661d97c89eaf97f223912aafb37f646d13bb112f68f122b060f2495133e8602c21f54f7225fd54d2fbd1d82df8721aab8519aa975d9b036291

    • SSDEEP

      49152:GvDlD8EId8DvlKyA5RkLxNumu6Rn8QIdidmN3qE1g5xyl+3OY5b4N+2E5fqmOgPO:GLDIodU91g5xlX5tIVOCKl21p

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks