cryptbot | 143baeea153f94dec6b4ae148ce7f7db97b1aa8d034803a945e069143504263e | Triage

Submit
Reports

Overview

overview

Static

static

1

e1188dcf1d...18.exe

windows7-x64

e1188dcf1d...18.exe

windows10-2004-x64

Sharing

General

Target

e1188dcf1d263848bbc3a9e0e000fa5d_JaffaCakes118
Size

2.6MB
Sample

240914-1kqywsxhln
MD5

e1188dcf1d263848bbc3a9e0e000fa5d
SHA1

30ec0f03ff134f6835e5a1f9ac50d2f1f203f3b9
SHA256

143baeea153f94dec6b4ae148ce7f7db97b1aa8d034803a945e069143504263e
SHA512

021f52ab015eabe04443efe38d848760d971352a422c93ead6ca15566d377e015ff16decd45c62047eeaf76a13959956127d4763b59190d777e8d6249f3b6adf
SSDEEP

49152:cvm6WWeedeXKl+GlMfZDebimoMpgeAwXYjb/D652jYdJT0:4mVWVfl+GqZDBmoDU9bT

Score

10^/10

cryptbot credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e1188dcf1d263848bbc3a9e0e000fa5d_JaffaCakes118.exe

Resource

win7-20240903-en

cryptbot credential_access discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e1188dcf1d263848bbc3a9e0e000fa5d_JaffaCakes118.exe

Resource

win10v2004-20240802-en

cryptbot credential_access discovery spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e1188dcf1d263848bbc3a9e0e000fa5d_JaffaCakes118
- Size
  
  2.6MB
- MD5
  
  e1188dcf1d263848bbc3a9e0e000fa5d
- SHA1
  
  30ec0f03ff134f6835e5a1f9ac50d2f1f203f3b9
- SHA256
  
  143baeea153f94dec6b4ae148ce7f7db97b1aa8d034803a945e069143504263e
- SHA512
  
  021f52ab015eabe04443efe38d848760d971352a422c93ead6ca15566d377e015ff16decd45c62047eeaf76a13959956127d4763b59190d777e8d6249f3b6adf
- SSDEEP
  
  49152:cvm6WWeedeXKl+GlMfZDebimoMpgeAwXYjb/D652jYdJT0:4mVWVfl+GqZDBmoDU9bT
Score

10^/10

cryptbot credential_access discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotcredential_accessdiscoveryspywarestealer

behavioral2

cryptbotcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy