General
-
Target
4b88ea5840bc2a0e537751c2a3bc7087_JaffaCakes118
-
Size
327KB
-
Sample
241016-fts5dsybmk
-
MD5
4b88ea5840bc2a0e537751c2a3bc7087
-
SHA1
78888607d7ad9e4a21c4791f6428eda04daaf3b7
-
SHA256
ac6ec77a1444f5de3ab2e46fe7757e0c68111c75b7170c1fc87343e46a78d939
-
SHA512
bdd6b45f217d36e25da051442c24d92ff15a81b20ab40b9768c14f957995f1c613f64c991a950f7ada6057c67aea08e264cb5c94353f241f27dc66a915422699
-
SSDEEP
6144:dzeDa4vT2lsqGEPPGzOcOvOIy661R/yAz/odS/jPBVTh7RXda:dzeDa4ClsHzZMy31hHL/3NR
Malware Config
Extracted
cryptbot
pacbry45.top
mortiq04.top
-
payload_url
http://zukicv06.top/download.php?file=lv.exe
Targets
-
-
Target
4b88ea5840bc2a0e537751c2a3bc7087_JaffaCakes118
-
Size
327KB
-
MD5
4b88ea5840bc2a0e537751c2a3bc7087
-
SHA1
78888607d7ad9e4a21c4791f6428eda04daaf3b7
-
SHA256
ac6ec77a1444f5de3ab2e46fe7757e0c68111c75b7170c1fc87343e46a78d939
-
SHA512
bdd6b45f217d36e25da051442c24d92ff15a81b20ab40b9768c14f957995f1c613f64c991a950f7ada6057c67aea08e264cb5c94353f241f27dc66a915422699
-
SSDEEP
6144:dzeDa4vT2lsqGEPPGzOcOvOIy661R/yAz/odS/jPBVTh7RXda:dzeDa4ClsHzZMy31hHL/3NR
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-