General

  • Target

    extract.rar

  • Size

    20.2MB

  • Sample

    240910-sz21psscnc

  • MD5

    fc154e8e90e53b7edcdec1303221c87b

  • SHA1

    6cf240924796bbdd0aee650d73fc3c0b8f3048aa

  • SHA256

    dd142b47e5bb1625c1b8b0ede73b41101d63e59116d21029ab64794809709675

  • SHA512

    e08d32ed5ee0ee53c491f4a4405fa5824aba1bf7d13fe4fa8ead6d15046117ffccbdfd7ef22aefac48c720653ee34893cddad120d365cda935f5f64f6d099f3c

  • SSDEEP

    393216:7NqvvpKx/8smzmI9HsfgQKi/F9rUFiImz/SB70dgkxyveYvxetGeVV94:cvvMx/8sqvHsfgQKmDIi6agHJesyVi

Malware Config

Extracted

Family

cryptbot

C2

forv14pn.top

Attributes

  • url_path

    /v1/upload.php

Targets

    • Target

      Set-up.exe

    • Size

      6.3MB

    • MD5

      334beed5851da0d5cb75bc243ba1b375

    • SHA1

      8e62bd80ecbbd392623bfd9145c2c52f5f072624

    • SHA256

      e809f6469c269f3bf3aec45124bb5cecd37d41aa431bb57f9ed11c9bc789b2d9

    • SHA512

      906311a3f6d7ba22f5e95975df71b4d27815491404c00856767ecbde1da7115cbbddc4e234fd38c3e901175db38f8f3526d2662ac62c81a1b461f1ae02a3896a

    • SSDEEP

      98304:6tUNUi7mZ4QaiCDV8SpHR6gda7J2FvyJ/Ve:6ziqZ4QaN8SRR6gd6cFI/Ve

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      config.prx

    • Size

      364KB

    • MD5

      14934caca84d5fe0288f27efb31dcbf8

    • SHA1

      98c8c659488a5782679112e0ffb089422a664ac5

    • SHA256

      7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

    • SHA512

      9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a

    • SSDEEP

      3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY

    Score
    3/10
    • Target

      mfc100u.dll

    • Size

      5.3MB

    • MD5

      85ed13922df97474af9979ca456c6748

    • SHA1

      d79cdd200b6543e06d18ed67e44c7bba50de7d85

    • SHA256

      4c33d4179fff5d7aa7e046e878cd80c0146b0b134ae0092ce7547607abc76a49

    • SHA512

      dcf9bb66a621d49d036f418337c2c454c3a3212c3d008c2dfe764b374ffaed1ce7ea3c6fb30f0c30a64ae3b901146fe474427e9bf4931e01e1a5cb5dcf2b5033

    • SSDEEP

      98304:H0g27TTwiMfeEA5KFLOAkGkzdnEVomFHKnPA:H0g2H8kEHFLOyomFHKnPA

    Score
    1/10
    • Target

      msvcp100.dll

    • Size

      593KB

    • MD5

      d029339c0f59cf662094eddf8c42b2b5

    • SHA1

      a0b6de44255ce7bfade9a5b559dd04f2972bfdc8

    • SHA256

      934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c

    • SHA512

      021d9af52e68cb7a3b0042d9ed6c9418552ee16df966f9ccedd458567c47d70471cb8851a69d3982d64571369664faeeae3be90e2e88a909005b9cdb73679c82

    • SSDEEP

      12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/

    Score
    1/10
    • Target

      msvcr100.dll

    • Size

      809KB

    • MD5

      366fd6f3a451351b5df2d7c4ecf4c73a

    • SHA1

      50db750522b9630757f91b53df377fd4ed4e2d66

    • SHA256

      ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

    • SHA512

      2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

    • SSDEEP

      12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1

    Score
    1/10
    • Target

      opengl64.dll

    • Size

      17.7MB

    • MD5

      0a84667145e7efef026c888d4b768126

    • SHA1

      27673e1bd7c55bba6eaa37620d3b3820ce45d46a

    • SHA256

      dd575f3c64382193610815909bd2c52490244ecbbb9bba6eef5fe4f0bb43bb4d

    • SHA512

      3e964c996ed358787c4dfdb965a00b38b4118c804ae1bf8d32aeb7d936584e72c188e3fa0d27d1c2ffd3be13dca8045b08b28b15070812c195d82d1bf23a2604

    • SSDEEP

      393216:PXhbUNnoBP98OQ//aXUszfTBHCOUZ2UenCDkOH2:PXhNB4nlW

    Score
    1/10
    • Target

      plugins/CryptoPP530Fips32.dll

    • Size

      1.2MB

    • MD5

      9a7234078559093e06c9d32148ed95a3

    • SHA1

      40361dad15b9b5ae2757a21d1ce6a61c3c37e891

    • SHA256

      32f5d0a454c26e8aa6f4cad58f3782337cc97cfe2305bbfe564437e5f0d51bbc

    • SHA512

      9a2c3761d799999a691cd605f11c4014f604afa9a46b3b4c9999eef177f0e703ca2ed52c22824cba613559ce37bd134c566d54a4e51141828816b02a4f3da05b

    • SSDEEP

      24576:4pPfSOTjS+katpqQTutqG3kGP7NS0LdbiAJ:4VnTu+kNQqqG3kIE0Ldb3J

    Score
    3/10
    • Target

      plugins/CryptoPP530Fips64.dll

    • Size

      1.9MB

    • MD5

      5421d49c2b1eabcbf9fc3cd5b3a4a7d2

    • SHA1

      0028edceb5be4fd315b460b37f499667564a1367

    • SHA256

      f555d9a75aff39ea48a8c51a833833f7892060a3421c57546640bd560e87e67b

    • SHA512

      92ad7321a80d3e718e0c625bdf6d4fb122bc661e6b955744d513f043fd7733e39e13ab7a994a4bb140eec3c1b3d72ddddd9dc12d98a83811bbf1ab2266946e20

    • SSDEEP

      24576:3nn521M2+LQvsrfqPmckkcltu9Wl0iY9Cu4biY7DvCQ4Rze4:3n521M12cPY9Cu4j7WQ4Rzz

    Score
    1/10
    • Target

      plugins/FlowSshC32.dll

    • Size

      5.7MB

    • MD5

      c4c176f948aaefdbac2007be7540f807

    • SHA1

      fab53fea6bf9b66edf37c05f96d0113e7b3ff151

    • SHA256

      b7ce745085da1ea321ba210178f90c7fbda7419a64452a887219b6fdc7ef762c

    • SHA512

      f0883c2f65189a9992af98fc05947df34a43740d4c22196a2d3922edfe7e4fb2bcd75226a24b9482d2be5961eeb63a015a329a3a524f25d7e8c6acba31ab80bf

    • SSDEEP

      49152:XMZDDtZO0oV8BPKzv694e7rnSmRw6DKnByzYC3rkOmcdbzKgZI9cji115OVcrDom:cno0w8BPW694evnSmG6oY013S26vCL4M

    Score
    3/10
    • Target

      plugins/FlowSshC64.dll

    • Size

      7.7MB

    • MD5

      0a86f2e157f36783f412379b8b94a1a6

    • SHA1

      f679118d538d8c0aab0d8693f8b9b86bc9ccef2e

    • SHA256

      27056202300c852631354871960619ad713baf02f06d080afb1ccaba3ce6bc69

    • SHA512

      ea8101c2c5dfe11859cfc3539a82b66692920aec8fbe8d64ee5a32475247f71ca98482e8c20b297811ff3d235738e9c20ace33142e4833162068cb1f67c523bf

    • SSDEEP

      49152:EpBqTfDVWxBameIwNZP81iXc6WOptqQbFYdzyCs7Cqy1mZ1PVJLnbd1AYLik7J3g:QE7kBvoXZgx+JLbdXxiflHsvhq75b5

    Score
    1/10
    • Target

      plugins/Microsoft.VisualStudio.VsWebProtocol

    • Size

      661KB

    • MD5

      91acf072fe60b3ef9867faec1a7a8cb0

    • SHA1

      f5beee29187c4573acbf5a9105b6b475b6565f61

    • SHA256

      1f49adc807a564e7c1ecf32f58074a1230a6fe4764e8f54ce7ffa8c2e880dcca

    • SHA512

      6e096399e0afeb7c5f1a2a60204b887e946b3b6bc926fc5a78a97592a202954ec5e83ececc3ab1f66a2343db10c2974c15462837df342b0c5f6ad4594bd21b37

    • SSDEEP

      6144:iMuijXEeWt742E+F94FQoS+LZjXEmItnl9:HukEeWtEQr4Fi+LxEmItl9

    Score
    1/10
    • Target

      plugins/NvStWiz

    • Size

      432KB

    • MD5

      9e82e3b658393bed3f7e4f090df1fbe7

    • SHA1

      bfff954b8ef192c01af9fb5d9141a21279cb9c31

    • SHA256

      c2ad5bd189df04b39be18dec5cd251cf79b066010706ad26d99df7e49fd07762

    • SHA512

      de6a1e62d4e33f807d9c04f355a762717eedbcf540e747a97ba824871d4a1f144f4929141df333711d42af01e441dbbcecbb25a6a4f8ec073a024d94197b776b

    • SSDEEP

      6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp

    Score
    3/10
    • Target

      plugins/StartupHelper

    • Size

      364KB

    • MD5

      14934caca84d5fe0288f27efb31dcbf8

    • SHA1

      98c8c659488a5782679112e0ffb089422a664ac5

    • SHA256

      7fa86147035627bae39576bcbe619d045e94a48c4db8ca131968c20bb4de4a36

    • SHA512

      9a239132a46fe578fa04ff727d8c28f9e1d179e7154619670a22a403819f337af0a96ebd7081d04d53910a12bbdc548b3cd2b2a285931c92f1c149ad5d846a6a

    • SSDEEP

      3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY

    Score
    3/10
    • Target

      plugins/cache/ICQLiteShell.dll

    • Size

      56KB

    • MD5

      05e61539b8917fca37c03756bbdd043d

    • SHA1

      5a72e0e528260de0ea5b34badb9e5f9873cb4245

    • SHA256

      515c8e0b93f0fef15da3e2573ad92b7e7840374140e65e5d73df63d8e22cb3e8

    • SHA512

      565d57783e6044d6e7e2026c79dbd897e637c5e1d96e7930dc704ef2b6d801669b38f0c26382f00e67e26668439274941e937a0ade54666de50b5d84f6da7e97

    • SSDEEP

      768:YEGJ9blT7XZBSbHwJU+tGR0KZUyGKZ0ZgwmF1+3UVambg:YEGJ9bln5o0KZjGKZ0Z1mF1+3UVayg

    Score
    3/10
    • Target

      plugins/cache/ICQRT.dll

    • Size

      32KB

    • MD5

      1aedcb8994d6ad63ef9dcb87016e028f

    • SHA1

      f5b891aa15c6353b681bdb7e2d96c6ac8a5f02d7

    • SHA256

      53e1f40144bab532f9700ff25ec3d5c6a39784a98e17fada583b4ee6d9dd5dbc

    • SHA512

      89c0f408797c4d78afc52335a9e162345c614e1e419f55487cb358c14f7a69ec82138a7e6250be3133233386ba3659d241e80ab63c9b972b6c8b26b0424cb0c8

    • SSDEEP

      384:+qtTeds1tkMAp4TxCW9su5UcSu93ggoXUQQIPGEANHl:FTedukelF95RjQUUPpANHl

    Score
    3/10
    • Target

      plugins/cache/Language/LiteRes.dll

    • Size

      735KB

    • MD5

      88962410244bc5c03482b82a7e3cb5e1

    • SHA1

      4622be2d3deda305bf0a16c0e01bc2ecf9d56fad

    • SHA256

      afa884228afc5c05f4b47e90b6de42854d5a8886ec5ed15a253faeccd5309036

    • SHA512

      c6e7667f91c1439e33ad4d9e2052b7c9fcc3ca2c7688d9e2bc0550b71a5762b76aa76427331df0217429d9bd984925997c7a8d009f25e44e2776c5ce7cc9d98c

    • SSDEEP

      6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

cryptbot credential_access discovery spyware stealer
Score
10/10

behavioral2

cryptbot credential_access discovery spyware stealer
Score
10/10

behavioral3

Score
1/10

behavioral4

discovery
Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

Score
1/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10