General

  • Target

    e7274f1c8c45bce731b3739749d63f13de04b259bbe825810bdab0e8d83ca901

  • Size

    1.1MB

  • Sample

    241104-gtrr1aykcn

  • MD5

    7e00268192ebdb5f535a60425dd62e3f

  • SHA1

    70b90c83cc8e75c36b88130a2dbaa8c8d4e295ed

  • SHA256

    e7274f1c8c45bce731b3739749d63f13de04b259bbe825810bdab0e8d83ca901

  • SHA512

    e0009032672ef3aeca6750d46a14af1b3b87adf985e0e3d6a29ba272a40661d1e5310638805e6a3da277ccee665d121727d3d11f25cdf6f66cfe5ec0f1ae7041

  • SSDEEP

    24576:4BkVdlYASCS63vsMMZXwO/QKC9Vhjo1YoW+3L2Aem9XoWY:IsvSCS63vsMMh49z5PILmuHY

Malware Config

Extracted

Family

cryptbot

C2

eihz18pt.top

analforeverlovyu.top

Attributes
  • url_path

    /v1/upload.php
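The extracted C2 domains and upload path above are the network indicators a responder would want to sweep proxy logs for. The following script is an added example, not part of the sandbox report: it matches a simplified, constructed proxy log format (timestamp, client IP, method, URL, status) against the two C2 domains, treating subdomains as hits, and separately flags the `/v1/upload.php` path on other hosts because that path alone is generic and only warrants a lower-confidence alert.

```python
"""Sweep proxy log lines for the CryptBot C2 indicators listed in this report.

Added example, not code from the report. The log format and the log lines
below are constructed for illustration; the domains and path come from the
report's extracted config.
"""
import re
from urllib.parse import urlsplit

# Indicators taken from the report's extracted config.
C2_DOMAINS = {"eihz18pt.top", "analforeverlovyu.top"}
C2_URL_PATH = "/v1/upload.php"

# Constructed proxy log lines (not real traffic):
# <epoch> <client ip> <method> <url> <status>
SAMPLE_LOG = """\
1730710001.123 10.0.0.15 POST http://eihz18pt.top/v1/upload.php 200
1730710002.456 10.0.0.15 GET http://www.example.com/index.html 200
1730710003.789 10.0.0.22 POST http://analforeverlovyu.top/v1/upload.php 200
1730710004.000 10.0.0.31 GET http://cdn.eihz18pt.top/v1/upload.php 404
1730710005.321 10.0.0.15 GET http://example.org/v1/upload.php 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def classify(url):
    """Return 'c2' when the host is a C2 domain or a subdomain of one,
    'path-only' when only the upload path matches on an unknown host,
    and None otherwise."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain_hit = any(host == d or host.endswith("." + d) for d in C2_DOMAINS)
    if domain_hit:
        return "c2"
    if parts.path == C2_URL_PATH:
        # The path is generic; on its own it is a weak signal.
        return "path-only"
    return None


def scan_log(text):
    """Parse each log line and return one alert dict per matching line."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        verdict = classify(m["url"])
        if verdict:
            alerts.append({
                "ts": m["ts"],
                "client": m["client"],
                "host": urlsplit(m["url"]).hostname,
                "verdict": verdict,
            })
    return alerts


def infected_hosts(alerts):
    """Client IPs that contacted a C2 domain (ignores path-only alerts)."""
    return {a["client"] for a in alerts if a["verdict"] == "c2"}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        print(a)
    print("hosts to isolate:", sorted(infected_hosts(found)))
```

Only `c2` verdicts feed the isolation list; `path-only` hits are kept for analyst review so a coincidental `/v1/upload.php` on an unrelated site does not trigger containment.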

Targets

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
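The behaviour signatures above each correspond to a recognisable pattern in a sandbox API trace. The script below is an added example, not code from the report or from the sandbox: it scores a constructed trace (one `<api> <argument>` call per line) against the five behaviours listed, using registry and file paths that are common locations for each behaviour as assumptions rather than values observed in this sample, and it only counts an EXE or DLL as "dropped" when the same path was created earlier in the trace.

```python
"""Score a sandbox API trace against the behaviours this report lists.

Added example, not from the report. The trace format and the trace lines are
constructed; the indicator paths are assumptions about where each behaviour
usually shows up, not values extracted from the sample.
"""
import re

# Constructed API trace (one call per line: "<api> <argument>").
SAMPLE_TRACE = r"""
RegOpenKeyExW HKCU\Control Panel\International\Geo
RegQueryValueExW HKCU\Control Panel\International\Geo\Nation
RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegOpenKeyExW HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
CreateFileW C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
CreateFileW C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
CreateFileW C:\Users\victim\AppData\Local\Temp\setup.exe
CreateFileW C:\Users\victim\AppData\Local\Temp\helper.dll
CreateProcessW C:\Users\victim\AppData\Local\Temp\setup.exe
LoadLibraryW C:\Users\victim\AppData\Local\Temp\helper.dll
"""

# Stateless rules: (APIs of interest, regex over the argument).
# Paths are assumed typical locations, not taken from the sample.
RULES = {
    "Checks computer location settings": (
        {"RegOpenKeyExW", "RegQueryValueExW"},
        re.compile(r"\\Control Panel\\International|\\Nls\\Language", re.I),
    ),
    "Checks installed software on the system": (
        {"RegOpenKeyExW", "RegEnumKeyExW"},
        re.compile(r"\\CurrentVersion\\Uninstall", re.I),
    ),
    "Reads user/profile data of web browsers": (
        {"CreateFileW"},
        re.compile(
            r"\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
            r"|\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
            re.I,
        ),
    ),
}


def parse_trace(text):
    """Split the trace into (api, argument) pairs; arguments may contain spaces."""
    calls = []
    for line in text.splitlines():
        api, _, arg = line.partition(" ")
        if api and arg:
            calls.append((api, arg))
    return calls


def score_trace(text):
    """Return {behaviour: [matching arguments]} for behaviours that fired."""
    hits = {name: [] for name in RULES}
    hits["Executes dropped EXE"] = []
    hits["Loads dropped DLL"] = []
    created = set()  # paths this process created earlier in the trace
    for api, arg in parse_trace(text):
        for name, (apis, pattern) in RULES.items():
            if api in apis and pattern.search(arg):
                hits[name].append(arg)
        key = arg.lower()
        if api == "CreateFileW":
            created.add(key)
        elif api == "CreateProcessW" and key in created:
            hits["Executes dropped EXE"].append(arg)  # ran a file it wrote
        elif api == "LoadLibraryW" and key in created:
            hits["Loads dropped DLL"].append(arg)  # loaded a DLL it wrote
    return {name: args for name, args in hits.items() if args}


if __name__ == "__main__":
    for name, args in score_trace(SAMPLE_TRACE).items():
        print(f"{name}: {len(args)} hit(s)")
        for a in args:
            print("   ", a)
```

The stateful "dropped" check is what separates these two signatures from plain process-creation noise: a sandbox that only saw `CreateProcessW` on a Temp path could not tell a dropped payload from an installer the user launched.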

MITRE ATT&CK Enterprise v15