General

  • Target

    52883bc653857e9cf8fc2c8fa9e5fad985fa8e193aecba917aa9f4cc09e8fa09.exe

  • Size

    2.7MB

  • Sample

    240911-b6nm8awdjp

  • MD5

    74c6a610213136276a064a4fc62a077e

  • SHA1

    a868a44d050b9ae5952f4c2efff8588455684675

  • SHA256

    52883bc653857e9cf8fc2c8fa9e5fad985fa8e193aecba917aa9f4cc09e8fa09

  • SHA512

    3673016843fed29f56d4e727c4dc42bf226318b225ebc43bbcedcca747f069de79984768dc6aad43b795c520da92823884af1fa66ecd2be0597c2f75aaa8f5f2

  • SSDEEP

    49152:SVSgxv3wgG/HPxRbc0ik3/xNchpHb+Ydv1wdP7lPpF:Slx4gQHhypOtpF

Malware Config

Extracted

Family

cryptbot

C2

analforeverlovyu.top

twezx12vt.top

Attributes

  • url_path

    /v1/upload.php
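
One way to turn the extracted config into a detection, as an added example that is not part of the sandbox report: the two C2 hosts and the url_path above are matched against a handful of constructed proxy log lines. The log format, source IPs and timestamps are assumptions made for the demo; the report gives no scheme or port for the C2, so the match is on host and path only, case-folded and port-insensitive.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators taken from the extracted CryptBot config on this page.
C2_HOSTS = {"analforeverlovyu.top", "twezx12vt.top"}
C2_URL_PATH = "/v1/upload.php"

# Constructed proxy log lines for the demo (not from the sandbox run).
# Assumed format: "<timestamp> <src_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2024-09-11T02:14:03Z 10.0.0.12 GET http://www.example.com/ 200
2024-09-11T02:14:07Z 10.0.0.12 POST http://analforeverlovyu.top/v1/upload.php 200
2024-09-11T02:14:09Z 10.0.0.31 GET https://twezx12vt.top/ 404
2024-09-11T02:14:12Z 10.0.0.12 POST http://TWEZX12VT.TOP:8080/v1/upload.php?x=1 200
2024-09-11T02:15:00Z 10.0.0.45 POST http://example.org/v1/upload.php 200
this line is not in the expected format
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_url(url: str) -> Optional[str]:
    """Tier a URL against the config:
    'c2_upload'  known C2 host and the upload path (high confidence)
    'c2_host'    known C2 host, any path (contact with the C2)
    'path_only'  upload path on an unlisted host (weak: the path is generic)
    None         no indicator matched"""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # hostname drops the port and case
    if host in C2_HOSTS:
        return "c2_upload" if parts.path == C2_URL_PATH else "c2_host"
    if parts.path == C2_URL_PATH:
        return "path_only"
    return None


def scan_proxy_log(text: str) -> list:
    """Return one hit dict per log line that matches an indicator tier.
    Lines that do not parse are skipped rather than treated as clean."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        tier = classify_url(m["url"])
        if tier:
            hits.append({"line": lineno, "ts": m["ts"], "src": m["src"],
                         "method": m["method"], "url": m["url"], "tier": tier})
    return hits


def c2_upload_urls() -> list:
    """Full upload URLs for a blocklist, built from each host plus url_path
    (http assumed, since the report does not state the scheme)."""
    return sorted(f"http://{h}{C2_URL_PATH}" for h in C2_HOSTS)


if __name__ == "__main__":
    for h in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{h['tier']:10} line {h['line']} src={h['src']} {h['method']} {h['url']}")
```

The tiers matter in practice: a hit on a listed host is actionable on its own, while /v1/upload.php is a generic-looking path that other software may legitimately use, so a path-only hit is reported at low confidence for triage rather than blocked outright.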

Targets

    • Target

      52883bc653857e9cf8fc2c8fa9e5fad985fa8e193aecba917aa9f4cc09e8fa09.exe

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill data.

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries in the registry (under HKLM and HKCU at SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall).

MITRE ATT&CK Enterprise v15

Tasks