cryptbot | e024652e46d7ad5e5af4e4686d94948d4b582d9b8457e0ba062d90c3fe250871 | Triage

Sharing

General

Target

Set-up.exe
Size

6.3MB
Sample

240924-eskk7axamd
MD5

ad609ea8ab379421be41641b24640953
SHA1

3bdd1112d789ba4563edf4a387362799cb28d12d
SHA256

e024652e46d7ad5e5af4e4686d94948d4b582d9b8457e0ba062d90c3fe250871
SHA512

8d87058c8fbfdc49dfef1516e695b3454e65959728d24d6026c3975db87635b52bc565668b7f313c3e640796e5ac508e901f4c4333838f3d7fdbb891af61f1a0
SSDEEP

98304:oK+W+I8jP0pOdt0VE2FSXM/Gvdi1ZpM34aW/Zwj2dCtPVGLUunqJSiW:7G8p0N2k2VGr+c+0SiW

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

C2

twelvevf12vs.top

analforeverlovyu.top

Attributes

url_path
/v1/upload.php

Targets

- Target
  
  Set-up.exe
- Size
  
  6.3MB
- MD5
  
  ad609ea8ab379421be41641b24640953
- SHA1
  
  3bdd1112d789ba4563edf4a387362799cb28d12d
- SHA256
  
  e024652e46d7ad5e5af4e4686d94948d4b582d9b8457e0ba062d90c3fe250871
- SHA512
  
  8d87058c8fbfdc49dfef1516e695b3454e65959728d24d6026c3975db87635b52bc565668b7f313c3e640796e5ac508e901f4c4333838f3d7fdbb891af61f1a0
- SSDEEP
  
  98304:oK+W+I8jP0pOdt0VE2FSXM/Gvdi1ZpM34aW/Zwj2dCtPVGLUunqJSiW:7G8p0N2k2VGr+c+0SiW
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer