General
-
Target
69de589ce17aef3d2b265ef806d8783d882e53671542518d1379c7cbbf8f67d0.exe
-
Size
9.5MB
-
Sample
241010-g5cgfsvgkk
-
MD5
b13e354d435e1c6058a47f21c02d340d
-
SHA1
27bf445af2cf41ecd8b63d6a4f69e0daec155070
-
SHA256
69de589ce17aef3d2b265ef806d8783d882e53671542518d1379c7cbbf8f67d0
-
SHA512
c4eb98283fa6464aadfe33c0c1b17243053a7d5b526a0fdc0755674190b96b753fee6c5e0104f6928d013741bd72eea4371fe0a1dbc38c3b16ad299c94eee927
-
SSDEEP
49152:U1G09RgzuJvG124EDqbkXqayB7nh5uerH3HUktNdtaK6OjzYwAIp5a2GWPwibr7R:jYRZVZqwiB7
Malware Config
Extracted
cryptbot
tventyvr20pt.top
analforeverlovyu.top
-
url_path
/v1/upload.php
Targets
-
-
Target
69de589ce17aef3d2b265ef806d8783d882e53671542518d1379c7cbbf8f67d0.exe
-
Size
9.5MB
-
MD5
b13e354d435e1c6058a47f21c02d340d
-
SHA1
27bf445af2cf41ecd8b63d6a4f69e0daec155070
-
SHA256
69de589ce17aef3d2b265ef806d8783d882e53671542518d1379c7cbbf8f67d0
-
SHA512
c4eb98283fa6464aadfe33c0c1b17243053a7d5b526a0fdc0755674190b96b753fee6c5e0104f6928d013741bd72eea4371fe0a1dbc38c3b16ad299c94eee927
-
SSDEEP
49152:U1G09RgzuJvG124EDqbkXqayB7nh5uerH3HUktNdtaK6OjzYwAIp5a2GWPwibr7R:jYRZVZqwiB7
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-