Resubmissions

10-09-2024 14:37

240910-rzlhaaxhqk 10

10-09-2024 14:35

240910-rx4abazcka 3

General

  • Target: extract.rar
  • Size: 20.2MB
  • Sample: 240910-rzlhaaxhqk
  • MD5: fc154e8e90e53b7edcdec1303221c87b
  • SHA1: 6cf240924796bbdd0aee650d73fc3c0b8f3048aa
  • SHA256: dd142b47e5bb1625c1b8b0ede73b41101d63e59116d21029ab64794809709675
  • SHA512: e08d32ed5ee0ee53c491f4a4405fa5824aba1bf7d13fe4fa8ead6d15046117ffccbdfd7ef22aefac48c720653ee34893cddad120d365cda935f5f64f6d099f3c
  • SSDEEP: 393216:7NqvvpKx/8smzmI9HsfgQKi/F9rUFiImz/SB70dgkxyveYvxetGeVV94:cvvMx/8sqvHsfgQKmDIi6agHJesyVi

Malware Config

Extracted

  • Family: cryptbot
  • C2: forv14pn.top
  • Attributes
    • url_path: /v1/upload.php

Targets

    • Target: Set-up.exe
    • Size: 6.3MB
    • MD5: 334beed5851da0d5cb75bc243ba1b375
    • SHA1: 8e62bd80ecbbd392623bfd9145c2c52f5f072624
    • SHA256: e809f6469c269f3bf3aec45124bb5cecd37d41aa431bb57f9ed11c9bc789b2d9
    • SHA512: 906311a3f6d7ba22f5e95975df71b4d27815491404c00856767ecbde1da7115cbbddc4e234fd38c3e901175db38f8f3526d2662ac62c81a1b461f1ae02a3896a
    • SSDEEP: 98304:6tUNUi7mZ4QaiCDV8SpHR6gda7J2FvyJ/Ve:6ziqZ4QaN8SRR6gd6cFI/Ve

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks