Analysis
-
max time kernel
145s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
08-11-2024 06:43
General
-
Target
0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd.exe
-
Size
583KB
-
MD5
7caf6ef7a1c22e7fc0b86eeacde90877
-
SHA1
1cd4567a334a9c07ba4eb6bda810523be182cf88
-
SHA256
0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd
-
SHA512
0aa4a9b3958ae519d5cf6e1e1080afbe515c009c2a18b923742bb213e892972a741d4a48190c46f992514c405e4bc0ead51501d057519e665f1a6a4ce15fe0cf
-
SSDEEP
12288:VynawiFoPmL0y5zWGFF6O7+d36xY+6KMKo6RUZyhj6wX6+N:VynawBPKRFEO6tuY1JBZmrX
Malware Config
Extracted
cryptbot
basessrb23.top
-
payload_url
http://dfgggloadt11.top/download.php?file=lv.exe
Signatures
-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
CryptBot payload 5 IoCs
-
Cryptbot family
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of FindShellTrayWindow 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd.exe"C:\Users\Admin\AppData\Local\Temp\0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd.exe"1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5aa2db10c6f4076f716aedb385b38d512
SHA19dae265c786d6c01d358a52e96d36607848e7106
SHA25674c54ab77f55b9ad37e49efd5a4acc89e753422a7817b9a9b3d52ffa579e0716
SHA51245c65ba85b13237fea61bc3bb6121fbfddf405e62b13f4e2babc39cb062d798a4f8b39aa8a16e1d5230c07c290422478fe2a906bb06502addc560f2577a9eff0
-
Filesize
45KB
MD57e1c7974fcc98b5277ea48754d67e1ac
SHA19ba6a12557d0f3640630d99cb3ae5050374b4339
SHA256d4226393bad15206f5f73b7fa339be7abcfa2ff66643e073697abdc6fd6d2454
SHA512fb3514a06d281b5bda1ff96fcce6ee91b79fd53cbdefdf2c5512975eb57ed955ba0efc10ad851b27f404243f6582c86cfb14ad6457c35b408f858ebe02014713
-
Filesize
40KB
MD591df12ed0b5bf0e9875537ab470dcbd9
SHA115d41418f7c279dbd5b49b1d87d01f9df31a0d16
SHA2564d0b1e915cb26760329f4fc0b06bc6e90d6f2551613172e4efa1260cf14ff88e
SHA512c092e3772c0958ce3896e9eb3fd4c35f192a6f84a0e39f62fdba1c253331343ecba5ee61ae379d28a2046fdbfdb6a7f647f7f1012fb81287c8b8cf4baacb3d5d
-
Filesize
1KB
MD5311264214a63c9258d730e9533f15ed0
SHA1189956df104be53a838dd0760a7c0f803df12801
SHA256be4fe0f21c67f9c6ef236492b5061c56c4e675942085ff7dc9cd0f5fb921355e
SHA512ece68c334a9b108b5665eee7d74adeb9c4c2dcd9d6ce9237e6e8664e0051f19cc3107e7fb462656136e5e04bcd81f0d93d8e884c689991518dc6fa7bcac0388d
-
Filesize
1KB
MD58be5d80ff10cc48eb050edbf1225dee5
SHA1e9b752a85013f72503d89b4dbbd60a4762b9f1e7
SHA2560826647551b407df72ae911afe9ef39bf8c4f7ee15301a9f9412584431263742
SHA5128448aec97056a6f56dc84bee5c7a3ffed540935c9286d606c42061b9a6b197ad5c3dbe64170d3195fc974ee6b443dcc94c1b3fa28fe04c89f945cad44bede298
-
Filesize
7KB
MD5eb0ca5f52c2db51fc9f7d7e9e17623ac
SHA1c1d6fab43cf2f7c8a9b2ea4964cbd6d4bd60e00a
SHA2567e62becfdef6dd8de04ba170554ec443ca0cff0c0f37f174eb4920f5e56506b7
SHA51200696b01cfa038d34fadee3b1bef03b02d4c46d740ee4a3ef653ffa986f732f3e839a04a6013e56d7981a71bf93dec337df8ea5cd09d8d044fdae37ec02dc471
-
Filesize
40KB
MD574fcb9b6bade9f3f6ec0eda313af0b66
SHA102597d2da12b3e69a63b87f3ed80331e83e9e9e7
SHA256c86f30b31dbed9100e9e192a20b410a0b93f42bc4a774b446728012594ea4912
SHA512f6d7b318cb6617f38469b701ab3c4575504bf0fc77786f549805ad13787d0625d28d4924aaf81f59a9c8e28cf2503c871925e6a42bf12c1a5e7ddfcdfa1102c5
-
Filesize
77.7MB
-
Filesize
77.7MB
-
Filesize
77.7MB
-
Filesize
652KB
-
Filesize
652KB
-
Filesize
640KB
