General

  • Target

    cbad22c3c31f54e6a320707f1633cbecdc03dcfcbc573df7ad9b1b6f1bf00af4

  • Size

    6.4MB

  • Sample

    240911-ehw68s1erk

  • MD5

    32eb7552a3a4285efa7305e61e237d8f

  • SHA1

    1045c5b0b88bafe89a65514f80052076b91c239d

  • SHA256

    cbad22c3c31f54e6a320707f1633cbecdc03dcfcbc573df7ad9b1b6f1bf00af4

  • SHA512

    cec50c7523ebeee8952b6a51e8b9a88c8bade7ee7ca17bbcc8b97a24a644e934e311532d8df9f8bd9d86c3de49d2369be40709682ad79b566e3f267dea8721b1

  • SSDEEP

    98304:eaeGnKx494U6w/L8rUzP8qR5n0ayMfBRzPwfqmWkzts2:eaeGnKxVxAPvR5NzfLIfqmWkRs2

Malware Config

Extracted

Family

cryptbot

C2

analforeverlovyu.top

sivd6sr.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • Target

      cbad22c3c31f54e6a320707f1633cbecdc03dcfcbc573df7ad9b1b6f1bf00af4

    • Size

      6.4MB

    • MD5

      32eb7552a3a4285efa7305e61e237d8f

    • SHA1

      1045c5b0b88bafe89a65514f80052076b91c239d

    • SHA256

      cbad22c3c31f54e6a320707f1633cbecdc03dcfcbc573df7ad9b1b6f1bf00af4

    • SHA512

      cec50c7523ebeee8952b6a51e8b9a88c8bade7ee7ca17bbcc8b97a24a644e934e311532d8df9f8bd9d86c3de49d2369be40709682ad79b566e3f267dea8721b1

    • SSDEEP

      98304:eaeGnKx494U6w/L8rUzP8qR5n0ayMfBRzPwfqmWkzts2:eaeGnKxVxAPvR5NzfLIfqmWkRs2

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks