General
-
Target
b4a7565f5fe7f3fa54fa55734c050695.bin
-
Size
3.3MB
-
Sample
241023-b3crjswgqm
-
MD5
7984b40159ef886dec3e6f4c96e1a417
-
SHA1
8a1ff1159f0c77a256913e84ee5c48760ebb6b68
-
SHA256
73b3d2b00f5616f8d7378d3065f730747d648f88eccfd3840150cdf15b0c6ef7
-
SHA512
187e4e00cead6702763251ae7bc280b7224b2fab5bb8c73358b0f34a10683705881e6c56053e43b3ac5a7f19522704a0eb523eebacd5e1d5387b65d7a5fc184c
-
SSDEEP
49152:ib2UMFUsiO++6SpGjsJ5pIxLsw2rvaW0ZBfBNU6O0R68mvKwf3/G2pmibl5Y:G29ViO++4sJ5inT9EKwfE6Y
Malware Config
Extracted
cryptbot
Targets
-
-
Target
e1475c8d8760880e5d874a7bacb983cedda7691e507f7b1f89269333063239cc.exe
-
Size
12.2MB
-
MD5
b4a7565f5fe7f3fa54fa55734c050695
-
SHA1
cb059c204ec0c030e29d41cddc7bc7e96a552b20
-
SHA256
e1475c8d8760880e5d874a7bacb983cedda7691e507f7b1f89269333063239cc
-
SHA512
72591ddf64e0d14dbb717ebeaf12feb559e49309541ab7035b3ea3f3005e25a8533a934764cc1bd6befe820c3e8d8371e356f68de3aee6a67f1e1b7d7f9e61ae
-
SSDEEP
98304:kmCvsKdBHCa5b2MGm76yqmstR16ZcTLpJMvbqyxIJfJu0K7nB:ysKdBHCa5b2MGm765miRciJyxgRu0Mn
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Persistence
Modify Authentication Process
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1