General
Target: d16b3abed2c47fa35f325e50885a41ca0e9c8c7c570eac7b0f93225194d76bbc
Size: 12.2MB
Sample: 241025-cjz86ssend
MD5: 51b19de8301b6a6756f05fc6b1b16ba2
SHA1: 588d4b99fe140cb6abc24daa1f8f40b5295c1864
SHA256: d16b3abed2c47fa35f325e50885a41ca0e9c8c7c570eac7b0f93225194d76bbc
SHA512: 5503797075b107036d9ba48370daada06a2331b3cebdaa73a041f23d0b9a1180d2dfe90d7e570491085163b02d9d062db88de50a527782669df10c5f9c85f68b
SSDEEP: 98304:nmCvsKdBHCa5b2MGm76yqmstR16ZcTLpJMvbqyhL9ru0KanB:LsKdBHCa5b2MGm765miRciJyhpru0pn
Static task: static1

Behavioral task: behavioral1
Sample: d16b3abed2c47fa35f325e50885a41ca0e9c8c7c570eac7b0f93225194d76bbc.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: d16b3abed2c47fa35f325e50885a41ca0e9c8c7c570eac7b0f93225194d76bbc.exe
Resource: win10-20240404-en
Malware Config
Extracted: cryptbot
Score: 10/10

- Uses browser remote debugging
  Can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15

Persistence
- Modify Authentication Process (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Modify Authentication Process (1)
- Steal Web Session Cookie (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)