cryptbot | ffa8da87cf48a20222e534e789c5ad5252ae546d4064e9cf15b9888d5e74e7c4

Analysis

max time kernel
299s
max time network
301s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25-10-2024 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ffa8da87cf48a20222e534e789c5ad5252ae546d4064e9cf15b9888d5e74e7c4.exe
Size

6.2MB
MD5

80f73d292917c73a4f6e2581414000e0
SHA1

81c9cab7c67bcf32fbbed9f8be489ea103bb1dc5
SHA256

ffa8da87cf48a20222e534e789c5ad5252ae546d4064e9cf15b9888d5e74e7c4
SHA512

6e4ddcbc360c6e574a1f2438dc9f066c187692fc528a4d1c1e1a694a87e595c0de3b5e741df2aeb148600f697c3e5b3d7566d52d94eb27c150a19d84d0cfb0ca
SSDEEP

49152:pT+gBCwAxnjAvOiDLoRGt9pbGoc2ibr7rIYFhRZ+O/Xn3E0kQtdyaqiTDMAwgZJD:2xjAvOdEtja

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Signatures

CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot

Detects CryptBot payload 1 IoCs

CryptBot is a C++ stealer distributed widely in bundle with other software.

spyware stealer

Processes:

resource	yara_rule
behavioral1/memory/1884-0-0x0000000069CC0000-0x000000006A37B000-memory.dmp	family_cryptbot_v3

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

ffa8da87cf48a20222e534e789c5ad5252ae546d4064e9cf15b9888d5e74e7c4.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ffa8da87cf48a20222e534e789c5ad5252ae546d4064e9cf15b9888d5e74e7c4.exe

C:\Users\Admin\AppData\Local\Temp\ffa8da87cf48a20222e534e789c5ad5252ae546d4064e9cf15b9888d5e74e7c4.exe
"C:\Users\Admin\AppData\Local\Temp\ffa8da87cf48a20222e534e789c5ad5252ae546d4064e9cf15b9888d5e74e7c4.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-0-0x0000000069CC0000-0x000000006A37B000-memory.dmp

Filesize
6.7MB

Download
memory/1884-9-0x0000000000B10000-0x000000000114D000-memory.dmp

Filesize
6.2MB

Download