cryptbot | 056b17b02a26dd4a260222dc061c4050d57a0cd708ba448b286715002e1fd636 | Triage

Sharing

General

Target

056b17b02a26dd4a260222dc061c4050d57a0cd708ba448b286715002e1fd636
Size

6.0MB
Sample

241010-b6hrzazbmp
MD5

0f6e6055e4dd7ea872cc0651126e580d
SHA1

1a275016c1fd5290440f0586468e687f8e2f16eb
SHA256

056b17b02a26dd4a260222dc061c4050d57a0cd708ba448b286715002e1fd636
SHA512

cc3581243e6f1202ed65fbc4a3f93a6168896d272b048e9a1eacf92410237c7a26acbfbf78f64ab0e15f297815b2f75604b3bdea25af5a271485295739209178
SSDEEP

49152:etE5w7bRXITO0dECZ+HCModqI6bgljkiz6QggxVJV7SzjIgQ45pqG2mfv/vs85lG:F8bFHsEagi4XgjZjTxx7

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Targets

- Target
  
  056b17b02a26dd4a260222dc061c4050d57a0cd708ba448b286715002e1fd636
- Size
  
  6.0MB
- MD5
  
  0f6e6055e4dd7ea872cc0651126e580d
- SHA1
  
  1a275016c1fd5290440f0586468e687f8e2f16eb
- SHA256
  
  056b17b02a26dd4a260222dc061c4050d57a0cd708ba448b286715002e1fd636
- SHA512
  
  cc3581243e6f1202ed65fbc4a3f93a6168896d272b048e9a1eacf92410237c7a26acbfbf78f64ab0e15f297815b2f75604b3bdea25af5a271485295739209178
- SSDEEP
  
  49152:etE5w7bRXITO0dECZ+HCModqI6bgljkiz6QggxVJV7SzjIgQ45pqG2mfv/vs85lG:F8bFHsEagi4XgjZjTxx7
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Detects CryptBot payload
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer