cryptbot | ac9d0b246600964d743b74a30f3bb38ee21c8365c28e6427f3f29d0a2daea370 | Triage

Sharing

General

Target

ac9d0b246600964d743b74a30f3bb38ee21c8365c28e6427f3f29d0a2daea370.exe
Size

6.4MB
Sample

241015-ce9baaybmg
MD5

a741208b11e340f91215eebb5f1c05f7
SHA1

36ea40e7aaddec858d80c63825107c313c21d155
SHA256

ac9d0b246600964d743b74a30f3bb38ee21c8365c28e6427f3f29d0a2daea370
SHA512

8f7feceed1e0b7550cc60a044d6c43a1a1826aa944a576bd1b7b83e84f0449cab7bc16aaf80d039319ed1ed5cde2f269bf010f136722f4d43f46162143c30433
SSDEEP

49152:p0WvxmSzX5DFZ78WQajskJbw4VZQYKlVUHhNSDPfPMcFFVliyCWqMEUs9N+qaKDo:y8Ay18W6kJ3f

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Targets

- Target
  
  ac9d0b246600964d743b74a30f3bb38ee21c8365c28e6427f3f29d0a2daea370.exe
- Size
  
  6.4MB
- MD5
  
  a741208b11e340f91215eebb5f1c05f7
- SHA1
  
  36ea40e7aaddec858d80c63825107c313c21d155
- SHA256
  
  ac9d0b246600964d743b74a30f3bb38ee21c8365c28e6427f3f29d0a2daea370
- SHA512
  
  8f7feceed1e0b7550cc60a044d6c43a1a1826aa944a576bd1b7b83e84f0449cab7bc16aaf80d039319ed1ed5cde2f269bf010f136722f4d43f46162143c30433
- SSDEEP
  
  49152:p0WvxmSzX5DFZ78WQajskJbw4VZQYKlVUHhNSDPfPMcFFVliyCWqMEUs9N+qaKDo:y8Ay18W6kJ3f
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Detects CryptBot payload
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer