General

  • Target

    cb5ad18649a907f49154af26ad332030N

  • Size

    6.4MB

  • Sample

    240910-j8cmqswanf

  • MD5

    cb5ad18649a907f49154af26ad332030

  • SHA1

    46acabf085b42f39bf085432ce436a2d895d8dad

  • SHA256

    8874ee4d9c878a6dc7f2681ec36df05cb09c44ccb3be0ec89569f5bdece80519

  • SHA512

    36363dde451354f6e87ee48a2b68a55cec92887a49e40844141e60ff9374b694aa6a3225a20dfb3f496d1fe0ebf6be7551adf1109ae037dfa80ad7387a19cd8c

  • SSDEEP

    98304:nrNPA5ZwbswWhll1i2BXyv7KAqGSHqstqtZQbYSx:nrNA0ii2BX8xWqtZQsSx

Malware Config

Extracted

Family

cryptbot

C2

tventyv20sb.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15
