General

Target: cbad22c3c31f54e6a320707f1633cbecdc03dcfcbc573df7ad9b1b6f1bf00af4
Size: 6.4MB
Sample: 240911-ehw68s1erk
MD5: 32eb7552a3a4285efa7305e61e237d8f
SHA1: 1045c5b0b88bafe89a65514f80052076b91c239d
SHA256: cbad22c3c31f54e6a320707f1633cbecdc03dcfcbc573df7ad9b1b6f1bf00af4
SHA512: cec50c7523ebeee8952b6a51e8b9a88c8bade7ee7ca17bbcc8b97a24a644e934e311532d8df9f8bd9d86c3de49d2369be40709682ad79b566e3f267dea8721b1
SSDEEP: 98304:eaeGnKx494U6w/L8rUzP8qR5n0ayMfBRzPwfqmWkzts2:eaeGnKxVxAPvR5NzfLIfqmWkRs2
Static task: static1

Behavioral task: behavioral1
  Sample: cbad22c3c31f54e6a320707f1633cbecdc03dcfcbc573df7ad9b1b6f1bf00af4.exe
  Resource: win10v2004-20240802-en

Behavioral task: behavioral2
  Sample: cbad22c3c31f54e6a320707f1633cbecdc03dcfcbc573df7ad9b1b6f1bf00af4.exe
  Resource: win11-20240802-en
Malware Config

Extracted: cryptbot
  analforeverlovyu.top
  sivd6sr.top
  url_path: /v1/upload.php
Targets

Target: cbad22c3c31f54e6a320707f1633cbecdc03dcfcbc573df7ad9b1b6f1bf00af4
Score: 10/10
Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.

Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.