General

  • Target

    9c7017b5d549a518b12695d93911753432ad875c10a5e72cf972b648724e896f

  • Size

    6.3MB

  • Sample

    240910-p3y7fawfpf

  • MD5

    c89442fdc276188162925474be70916c

  • SHA1

    df7c0d77d88a020b645679ec48d724c12200b320

  • SHA256

    9c7017b5d549a518b12695d93911753432ad875c10a5e72cf972b648724e896f

  • SHA512

    5dadec27c14f2f4b483e88ecc26e8c227c6e79a40b9c169195d9742006306c37a3daa0f4e1e517df0e8d80062199a6dacb4e3522da7b3454c3829ac5a243996a

  • SSDEEP

    196608:dn+aO2gqF+EbQkPu3kccTihG534LA4bQExIpe:dn+aOne+EbQ+38hG53404bBx7

Malware Config

Extracted

Family

cryptbot

C2

threv3pn.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • Target

      9c7017b5d549a518b12695d93911753432ad875c10a5e72cf972b648724e896f

    • Size

      6.3MB

    • MD5

      c89442fdc276188162925474be70916c

    • SHA1

      df7c0d77d88a020b645679ec48d724c12200b320

    • SHA256

      9c7017b5d549a518b12695d93911753432ad875c10a5e72cf972b648724e896f

    • SHA512

      5dadec27c14f2f4b483e88ecc26e8c227c6e79a40b9c169195d9742006306c37a3daa0f4e1e517df0e8d80062199a6dacb4e3522da7b3454c3829ac5a243996a

    • SSDEEP

      196608:dn+aO2gqF+EbQkPu3kccTihG534LA4bQExIpe:dn+aOne+EbQ+38hG53404bBx7

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks