Extracted

• • Target

    1.exe

  • Size

    6.3MB

  • MD5

    cb241377bc006c674ed7cefcafcda47a

  • SHA1

    2b79c774fd57db28abc96235bd3d348ed7c8f994

  • SHA256

    32f67fe653fd4f2b17358bacef7179df6d4f91d3c3ff19aedab3e969b51a10fd

  • SHA512

    87f33ce92fed3b6b75f394bdcec8084680e0fa5542c81bf288aee9b45fd2d1954a9043c44eab72639cb3959f234ed26c075134ea7c26c57900c11f631526c002

  • SSDEEP

    49152:qMYKKTgnGAy11bb1pHFOQzHeo0THA7dV1irLsDOYTmDFTLIoQwKbxhMqNqiqdOSZ:tYKpy7HFFzI2nirLsDOYljrmK2HzGuq8

  Score

  10^/10

  cryptbotdiscoveryspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2