cryptbot | e3dbf48bf7232de2ba30108b1a2f786f720d9add5ff58f6ec6e642333f36fcbe | Triage

Sharing

General

Target

e3dbf48bf7232de2ba30108b1a2f786f720d9add5ff58f6ec6e642333f36fcbe.exe
Size

6.4MB
Sample

240926-c2gjsavhqc
MD5

870f1122277648c00bf1946e44840576
SHA1

c33bee3656773a7c8dfcff6ed91e9ee45f1374da
SHA256

e3dbf48bf7232de2ba30108b1a2f786f720d9add5ff58f6ec6e642333f36fcbe
SHA512

7221b6c24b9e04288bfac96b65ab048729a3a030afe71338527c9c89932417448daba755abbdece8675a14d57045c967b19cc471795ae79a2f7824167848fbd7
SSDEEP

98304:RL126QjojmEkaMC3ruH5zMSgwEWTzHBY3zdXU:RL126QjOvME6zMSgtNdXU

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

C2

twelvevf12vt.top

analforeverlovyu.top

Attributes

url_path
/v1/upload.php

Targets

- Target
  
  e3dbf48bf7232de2ba30108b1a2f786f720d9add5ff58f6ec6e642333f36fcbe.exe
- Size
  
  6.4MB
- MD5
  
  870f1122277648c00bf1946e44840576
- SHA1
  
  c33bee3656773a7c8dfcff6ed91e9ee45f1374da
- SHA256
  
  e3dbf48bf7232de2ba30108b1a2f786f720d9add5ff58f6ec6e642333f36fcbe
- SHA512
  
  7221b6c24b9e04288bfac96b65ab048729a3a030afe71338527c9c89932417448daba755abbdece8675a14d57045c967b19cc471795ae79a2f7824167848fbd7
- SSDEEP
  
  98304:RL126QjojmEkaMC3ruH5zMSgwEWTzHBY3zdXU:RL126QjOvME6zMSgtNdXU
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer