General

  • Target

    file.exe

  • Size

    6.5MB

  • Sample

    241010-xdf9bswepp

  • MD5

    3394808f2d5c141b86e33a51ace8a577

  • SHA1

    2bb0408fff0e02cbe8bd35cf0fe12e63d5bd08e1

  • SHA256

    277eafa55c929bc4c805bd1d540d2385922ddcc26ad360af7b947987ca45e758

  • SHA512

    b125c00020afdf9ea17f49e01120bafff27cd10752a018dcdf3d064fa371991654a18d86cbe1accbec67e3f05ff0d6d0b2f4237c093acea43cef4fd206b7ad6a

  • SSDEEP

    49152:zX1kYWFZc6jmmW1RXZmRUd0/Gj4L1iNhQG3nHeSy/o+8k547W9UXwgZJ5hWGDPfk:zSzjmhasSGj4L0NhN3H1y/o+ZwW9

Targets

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundles with other software.

    • Detects CryptBot payload

      CryptBot is a C++ stealer distributed widely in bundles with other software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
