General
-
Target
cryptbot_v2.7z
-
Size
22.2MB
-
Sample
241023-sezpvayblp
-
MD5
28bdda8a612f8047e205c0c1c0dba398
-
SHA1
72e69f35ac9853cf380c5e0d71cdd4b7d5c449bd
-
SHA256
0b7c4304f5fcc82c469ad4fbdc29a67e1782e4ae1959f1059e418abf9fe86e6f
-
SHA512
a7953dc7dc0766b55c35139f473a619b8a9ff595ff4343e695761144b3f4e57e4f6179abd970bccd8eeb8361136fb19419b683b4aefacc2061396555df4c73db
-
SSDEEP
393216:rGeG7h1bKAPEqZI7MYYrkHnKwJt41omXcl1TNXq0bgimUVIxSgHLMIitvwSNp7wv:JAcuI7MYakHKwJ61OJpbzLIxSWUtvPp6
Malware Config
Targets
-
-
Target
cryptbot_v2/packed/332002810f86c584bc8a49ec5b6efcd047b1988ca1792066cb0fe6d402590968
-
Size
7.0MB
-
MD5
539fb0452bbf1f77accc53b91a436105
-
SHA1
d12fa712e4d0378c85ddce3d73836da385897931
-
SHA256
332002810f86c584bc8a49ec5b6efcd047b1988ca1792066cb0fe6d402590968
-
SHA512
2cc6d4c0f24f69a04e1475a1629426aeb85eeb0c68292b5c501df708429f1dd3504be259981fb10de009a38152c442599659cd997b11f0be34a1368a8bc7e958
-
SSDEEP
49152:D/WmrJmKCZTsl2B6+WW2N3OXFNC+hEN+UlDvd2MUKiKC:DLQkleXlmE0d2I
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/33e2930246f120f0190faefd807300a3d47faf8bf79517d4bb46ae49d8c3ba7c
-
Size
6.1MB
-
MD5
3688fdf2c74c90570457aff15a23b2d5
-
SHA1
1441beb5cd200aec60ea3767a8feebe8a880666a
-
SHA256
33e2930246f120f0190faefd807300a3d47faf8bf79517d4bb46ae49d8c3ba7c
-
SHA512
ca0b184855ad05f574dbe2c26c4b2978744d0cc7f132f876e634396baef587e3ff8aa643533eef619ba54342d280b16bc621456e9ec4e10c000e017cbfbd9422
-
SSDEEP
49152:jcEyWWvUc45Pbu+i2opc9HtpN+ulQyRmQ:jO8nbuHpc9NpN+uCQ
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
-
-
Target
cryptbot_v2/packed/3a7925af06766a9a2bc4a0863308777b88c09ea9a4bc3fc06ddc114ce4bb3634
-
Size
7.1MB
-
MD5
8c7ddc262a38da285d2ea4879843ec0f
-
SHA1
e53f56cff20dca7eadc150fbadd0783ff764ce5c
-
SHA256
3a7925af06766a9a2bc4a0863308777b88c09ea9a4bc3fc06ddc114ce4bb3634
-
SHA512
1e9f09fb1c2029e287a223d4997f9e9337656243345cbeaa3d65c850a36997b2e858a367c415bc92242a8dd6fb13ea9d49ee2dbc35af8f60ff24c3653d26c7e3
-
SSDEEP
49152:/92K5XqdfhuXPXdhPq5MXjnkRqBTf+ygj6Wm2vfPf8sJ1l:/92lOXfTq5+jn2qxmP
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/4caa926d2422c584f16a4373daea24880fbd08a7baf3c9214421281965f89ec6
-
Size
6.3MB
-
MD5
5e8fec7f2f2102b5dcd44c061f3197fc
-
SHA1
3d8f67a861dd144b6dba216db88012ee62aed4a6
-
SHA256
4caa926d2422c584f16a4373daea24880fbd08a7baf3c9214421281965f89ec6
-
SHA512
0aafde8e576e305c9d8a61af774235ff32e769270971e66b9cc6cce9ac4dccf1f4434cf1f63b0801beb8a271877d89ccd3b58e6c899d9fae17a6e9c19798ca08
-
SSDEEP
49152:odrAjDR10enDYGCPX544IvBqkqoO65ia6sC9TNpWG2ifvEcsUVlWOeXH3HUkRNdl:ooMenDOPX5JIvP7O65wsCN
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
-
-
Target
cryptbot_v2/packed/70f887fea5277999b9f7c5b725a2601ea42f53c3de6f218867509057021d58be
-
Size
7.5MB
-
MD5
e071b6dd90f4c7a9d23632bfb9517925
-
SHA1
9ef06985e2f58c3cd0a64780819e7812d6ae849e
-
SHA256
70f887fea5277999b9f7c5b725a2601ea42f53c3de6f218867509057021d58be
-
SHA512
bd8b2c084b36f0b37f223aff83d0599affc0450ede1299efc37e5a9519cc9b26ecb209292865c06c7de29c4f3ffda070c56f956a7db7817427f2d2053b225baf
-
SSDEEP
49152:MidZxaEXACSbv61erWUn19OFne30Tt2SUprQRd8/NPpuevH3nUk0gdtCneP/4scQ:Mivx4i1ul1WUp8O
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/848f0c9d9f742eeb36857be8d554960cdce789559b338f09b74faf8ef1fc9fc9
-
Size
6.4MB
-
MD5
04accfb0eb1cb0cf61934814be4bb2db
-
SHA1
d1c646fae4a4539cc4b6adc7b9a0bbe7bf552a68
-
SHA256
848f0c9d9f742eeb36857be8d554960cdce789559b338f09b74faf8ef1fc9fc9
-
SHA512
d0853775f6df11ac41097f2b5b929c1a2c7c7dcf2231d6b06ca8f744f523cef8f089af7dd9fe9205c14c2b326f609fcf4b4b7a582ba97bf722a0365090b21843
-
SSDEEP
49152:wz9n4EDyhoD8veiiDNHLMtY5lLPC+6s85l1dCSzbL7Y4dtCK6yjzcwAQptCy6brb:6CoYveiiDNg8
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a
-
Size
6.3MB
-
MD5
bfe2f72aaf59ad12fe5479d4936d9d52
-
SHA1
1eb38144e825af65babd0f1e5651f74123413c93
-
SHA256
8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a
-
SHA512
e1e070feec3cc1ef4506976d6c839564f9a2487fbdfeb77c29027c3c0634f8990f3e48aba0560030e8f823ee48ca2055f16256d1d87e68b565dd8bbfcc4bdba7
-
SSDEEP
49152:YxnRxBWUDgOXOVviT4teSK+T/8zkSJUosljJs0Rr4IwEZJumWu/Po8MIBZO+LnX9:C7k0uKT4teSxb8zxGH1JsY
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/8e65cf66c605bc96f6c607a5860e607a4f5ca5659fe6ee875ee42df7bfb1d49f
-
Size
6.3MB
-
MD5
5b98028b773f57f3eadeddde35f3f6a1
-
SHA1
cb3cdb8fb6915137b17a2107cdfd663902f240c6
-
SHA256
8e65cf66c605bc96f6c607a5860e607a4f5ca5659fe6ee875ee42df7bfb1d49f
-
SHA512
bec632325af6d4f44d4ae36c03308f39729c2d3bc8937cd7e00e935f918435ee1ec5192122c7b3142fc81dff7641f6e6b527f261d21970f900bdd966c450a554
-
SSDEEP
49152:wa48zXlPvm8WqarSAUqPaTvCxbreeJXt9prYSov/vs85l1dCSzbL1bYIVRhpuevm:xvWqauA7PabSjJ/BY
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
-
-
Target
cryptbot_v2/packed/992bd4bb6280e1d946ce2a65c5ee6c620b3074a3195c96595f3396ce33369922
-
Size
6.4MB
-
MD5
b00d4277cdeb811fdccc08e336223231
-
SHA1
cb57043aae0a7feb24ab3b2a3593517f491f3864
-
SHA256
992bd4bb6280e1d946ce2a65c5ee6c620b3074a3195c96595f3396ce33369922
-
SHA512
4ad16aac0ff10b49049ae80612bca990f6044ae0e9f7ffe25d1947f019f2c211b51af230ba9a625fd04657c5df45bec7dd1633e59f3b5421022a0e606d126310
-
SSDEEP
49152:PqwJ29pmtJa0vG2PkxKzMOaKRhpuevH3nUk0gdg2GeP/4scMlVFty:vcmtJaeGkGKzVa
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/abc53ac9f7564ceba0a7548b880b1e92c8e0329ff9680e3c5f06abcbd4e869b9
-
Size
7.1MB
-
MD5
7105a2ba8c897b6c2072a6ab0bdecdf1
-
SHA1
d3659027483c2825c8430a41a0c3e439aac78e2f
-
SHA256
abc53ac9f7564ceba0a7548b880b1e92c8e0329ff9680e3c5f06abcbd4e869b9
-
SHA512
25dc46cf350a294ea6ce7b7d07c07bfd379307783bea9f357d20a7277fa49736221c7ba1f33afd46ef26a917ef544303291263931b239c26aa8f5abb35a92c9e
-
SSDEEP
49152:w6u6AkFUy00GL2vXkEkaBdCtsRbSgVw1y0y1zTPWs8Mo1FqSiqL7ECI4chxGeO2b:wyA+UtvLgXMaBssNSgAyPzT
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/d8689dcc36f611d77d6f6d1eb1ed8b872104a38568740936209114835a441048
-
Size
7.2MB
-
MD5
3195fa517818ae805403fc975213e9b4
-
SHA1
43f5dbcd65c3e8fcbf106f4acd95ee26acd5c5ac
-
SHA256
d8689dcc36f611d77d6f6d1eb1ed8b872104a38568740936209114835a441048
-
SHA512
8c6036e280f7d201563ad0d7cf6050d581641741ce2a9a1380ceddae6791ea8ec73b49e6f3ba2ecca912dc8bdace75d43874d3e59699d22a46108c727650f17d
-
SSDEEP
49152:GIZVzeU16eXDTtJu4sCyPwxXZFctiLFMf58GaRyAuk15pWG2ifvEcsUVlueXH3HP:GeVzeU16eXDvxsCjXbnL2fmu
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/de7158447b083712f9f261d481a3d942df8151565927b25923a1a3cfebb159a0
-
Size
7.4MB
-
MD5
1dfa5cabbb5c455dda904e105036d336
-
SHA1
7fa8943b4527c0dd3b248c2eaf3cd325a5d6f336
-
SHA256
de7158447b083712f9f261d481a3d942df8151565927b25923a1a3cfebb159a0
-
SHA512
1e84e56ba4d70d6d52a6e8626d858dce85eeae04a32b866f2386a5157c723ce7de087d2816a48063fd2bf65d794153d4a1cc34481911cd1af5ed8e9a8702715f
-
SSDEEP
49152:1WVbpyOxnK1M0s/9F7icYcaPrmbbTUC1PCWrbQoYQBRy+u2aXHMEUs9N+qaKDPT0:WK1D228KcbTU
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/e4dd53f42d79f62b17d146ecbb9b33b20495015d4709e0711a5d2cac87538206
-
Size
7.1MB
-
MD5
da8ceaf7d663bfcfdfadba750259dd35
-
SHA1
ed7ec222d1eeb1cfec264cdad2ea0245b1559a85
-
SHA256
e4dd53f42d79f62b17d146ecbb9b33b20495015d4709e0711a5d2cac87538206
-
SHA512
04d9faaf65065f485bd120e13edbe6d41380ff5746b9201d77c5b02a432ef448527aed3156be924620afc1319d1a1f9c4dfe6835b31319b04558cf998e872d65
-
SSDEEP
49152:2eBBoUBmetG+OF/J/5Z5EBn89EbAqx8sbMVrPsh:2OpmIa/p5Z5snifFRP
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
cryptbot_v2/packed/e64546e6d28e418125aaa42a73d06027baece5281181852ea8e93259e7b0dd1f
-
Size
7.2MB
-
MD5
0b96238b05dedecdac4d11b469575ecf
-
SHA1
8d39970f01c7eaa75ee2f00584d57ee7dca9c692
-
SHA256
e64546e6d28e418125aaa42a73d06027baece5281181852ea8e93259e7b0dd1f
-
SHA512
b2f588e77b99e7efc9c4f2fdc1e17fd60719d3389c34b3421679c0b5a9100a837f411f495685c113d816089bc025606fa83be0583b888ee518b94464d9eff08f
-
SSDEEP
49152:ZRUpXmlE8CaIAF2U+bL5iPP2qF3ZcCa3Z/Ft5pqG2mfv/vs85ouevH3nUk0gdtCU:4p2XF2U+f5AWCU3
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Detects CryptBot payload
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
unpacked_cryptobot_v3/1692-0-0x0000000069CC0000-0x000000006A377000-memory.dmp
-
Size
6.7MB
-
MD5
4cb917564b38a9dee03491c78bc15fb0
-
SHA1
2e7f7d84ed84da7b8876f74d63159a3ecfa9e6b2
-
SHA256
16f2a9edaa90897f437b9496c6e580515b37e2f4832ae6cbc2b34420bc762a80
-
SHA512
c649a7973613406d3a00188636d03dc7af508ad2af428ade68623eb94d8076a75f6894a37c9ce384631f8f3dd2913b1dd69203c32c7dcb1f557f77174c6c438c
-
SSDEEP
12288:PfjqZd/pWV8RsSm8VhVQNRUy47/jBsn+n4Yczcw7Pz1pWsV+OG:P7qZd/pWufm8kUyIjq+BcYMPTVo
Score3/10 -
-
-
Target
unpacked_cryptobot_v3/1908-0-0x0000000069CC0000-0x000000006A378000-memory.dmp
-
Size
6.7MB
-
MD5
edd85a24a8d9a5d19fc4e82ba6afe095
-
SHA1
676ddaa8f64ab768c630b417bc199cb4cae99249
-
SHA256
df896eda887383d2319a08aba3d6750703a75c8c3a97eca52a5df193e4b91f33
-
SHA512
839a1dfb79321ed0591dacd379d2be44f1acc734756fd56e28d026ed93a12ae4a4b427949e7ad362b43f0d2af0931e39b8484ea2e1eb5615b7f10eb49a77acc7
-
SSDEEP
24576:5xwZl/hW+5Qm6FkYIPsvOwv4Sa96CDTH:yWW6PIWvy6CD
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1