General
-
Target
dc6c85f620529fd980fc2efdb51ae004dc56323d87dac0821b34913ade66c0cbN
-
Size
9.5MB
-
Sample
241005-m32lfs1bqj
-
MD5
05951a1b6f57b1c37c656ecf5db2c030
-
SHA1
963f8a59c9cfa3b97d6cd79461d1946220a94dcb
-
SHA256
dc6c85f620529fd980fc2efdb51ae004dc56323d87dac0821b34913ade66c0cb
-
SHA512
21db0a803906078e5bf6244bac4af6ce3febce11bb1e7e338a1c72084d5dc7e86740bad8c91c3de4fb4d4cb4235fc08ce272b0b15bb71d203a05615af5fde000
-
SSDEEP
196608:+ygM1DOAK2RGV9caTDv7Q4rwfmEjk2gunMnoZbM:UMlR2AgsTjpqnCQ
Static task
static1
Behavioral task
behavioral1
Sample
dc6c85f620529fd980fc2efdb51ae004dc56323d87dac0821b34913ade66c0cbN.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
forcf4pt.top
analforeverlovyu.top
-
url_path
/v1/upload.php
Targets
-
-
Target
dc6c85f620529fd980fc2efdb51ae004dc56323d87dac0821b34913ade66c0cbN
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-