General
-
Target
0ddaf55ff5b6daf269845dee74b4f24b.bin
-
Size
1.5MB
-
Sample
241022-bcyakaxdjg
-
MD5
ea3e022774a89f7970ae652552161556
-
SHA1
cebe0d8b0ad0d0a580f369c2ca98b8dbf9d8c070
-
SHA256
581ccffb152ff38f2b1d411bec32e5d0fdcee33a15a957a9f776f839a50723a4
-
SHA512
2d888f44640c98d07c1e0b363f2a946fc08949a24155d74be222355b8b44266a1edcfd7b54e58a5b38e1dea760d7c866c84415d785caf9dccb60444406526435
-
SSDEEP
24576:6RW0LF9P0ENrTpbM4InAeEeFPYMeuVrqRbnj21KhTldPH27PKsdqBMKAEh5/uD56:OW0/P0orHIAeEKTeu5qJnj5BuPKs0BMS
Malware Config
Targets
-
-
Target
6798b30915ded323d8ca7f310a7d518cfa5de39bcc20ae984c9a3b65ccbeb941.exe
-
Size
6.9MB
-
MD5
0ddaf55ff5b6daf269845dee74b4f24b
-
SHA1
9b9363db8deadeee5803ce1751230fb56d776501
-
SHA256
6798b30915ded323d8ca7f310a7d518cfa5de39bcc20ae984c9a3b65ccbeb941
-
SHA512
262dab88704c4aff25f7b802759699ad1c712c227ec8afad5354ed2f37ef8a5510edaf692eb39e95f9dac695990176ad78e1720044343a855069b042dd09d763
-
SSDEEP
49152:n79YagFmdXM5AMGGLNFAm8jUXIlKcupRGCDZXRoYQBRy+ueXH3HmZpBm2nfP/8sP:npBxMZLNCm8jHlK5DZX
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-