Analysis
-
max time kernel
115s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system -
submitted
20-11-2024 23:11
Static task
static1
Behavioral task
behavioral1
Sample
ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66.exe
Resource
win7-20240903-en
General
-
Target
ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66.exe
-
Size
419KB
-
MD5
cb36ff9db11188635b0ded3b4e063d13
-
SHA1
b05a796555f738079940a9c39312e6a7f14b9daf
-
SHA256
ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66
-
SHA512
fc1ac751f93df24a5ee17970c714d96f9ebb3b96c6467293769cb2c52199d22a2e4362a516058b808e2266bb8adef8fa018d2ee6c579968571527162bf85b9e8
-
SSDEEP
12288:QHEKqNxt0FXDFun2XNSNc6kk8v2OSSnslW:QtqNuZxQP8+OSC0W
Malware Config
Extracted
cryptbot
veomho62.top
morizu06.top
-
payload_url
http://tynmat16.top/download.php?file=roamer.exe
Signatures
-
Cryptbot family
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
Processes: ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66.exe
description
Key opened
ioc
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
process
ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66.exe
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66.exe
description
Key value queried
ioc
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
process
ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66.exe
-
description
Key opened
ioc
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
process
ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66.exe
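The registry IoCs above are the evidence behind the language-discovery and processor-check signatures, and the report's "Checks installed software" signature describes the same kind of key access (Uninstall key lookups). As an added example, not code from the report or from the sandbox vendor, the Python below parses rows of that flattened "description ioc process" shape, rewrites the native \REGISTRY\MACHINE\ paths into the HKLM form detection rules are written against, folds ControlSet001 into CurrentControlSet, and tags each key with an ATT&CK technique. The technique mapping is this example's own (T1614.001 for the NLS\Language key, T1082 for the CentralProcessor keys, T1518 for the Uninstall key); the sample input shortens the process name to "sample.exe" and adds a constructed Uninstall row and a constructed file-event row, the latter to show non-registry rows being skipped.

```python
"""Classify registry IoCs from a sandbox report against ATT&CK technique IDs.

Added example, not code from the report or the sandbox vendor. The technique
mapping (T1614.001, T1082, T1518) is this example's own; in the sample input
the Uninstall row, the "File opened" row and the process name "sample.exe"
are constructed, the other three rows mirror the report's IoCs.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RegistryIoc:
    operation: str  # "Key opened", "Key value queried", ...
    key: str        # normalized path in HKLM\... form
    process: str    # image name the sandbox attributed the access to


# One flattened report row: "<operation> <native registry path> <process>".
_LINE_RE = re.compile(
    r"^(?P<op>Key(?: value)? \w+)\s+(?P<key>\\REGISTRY\\\S+)\s+(?P<proc>\S+)\s*$"
)

# Native object-manager hive prefixes -> short names used in detection rules.
_HIVE_MAP = (("\\REGISTRY\\MACHINE\\", "HKLM\\"), ("\\REGISTRY\\USER\\", "HKU\\"))

# (technique id, label, regex over the normalized key). Constructed rule table.
RULES = (
    ("T1614.001", "System Location Discovery: System Language Discovery",
     re.compile(r"\\Control\\NLS\\Language(\\|$)", re.I)),
    ("T1082", "System Information Discovery (CPU details, common sandbox check)",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+(\\[^\\]+)?$", re.I)),
    ("T1518", "Software Discovery (Uninstall key enumeration)",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
)

# Constructed sample input. Rows 1-3 mirror the report's IoCs (process name
# shortened to "sample.exe"); row 4 (Uninstall) and row 5 (a file event the
# parser must skip) are made up for the example.
SAMPLE_IOC_LINES = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language sample.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString sample.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 sample.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall sample.exe
File opened C:\Users\Admin\AppData\Local\Temp\sample.exe sample.exe
"""


def normalize_key(raw: str) -> str:
    r"""Rewrite \REGISTRY\MACHINE\... to HKLM\... and ControlSetNNN to CurrentControlSet."""
    key = raw
    for native, short in _HIVE_MAP:
        if key.upper().startswith(native):
            key = short + key[len(native):]
            break
    # The sandbox logs the live control set (ControlSet001); rules are usually
    # written against the CurrentControlSet alias, so fold it for matching.
    return re.sub(r"\\ControlSet\d{3}\\", r"\\CurrentControlSet\\", key, count=1)


def parse_ioc_lines(text: str) -> list[RegistryIoc]:
    """Return the registry IoCs in a block of report rows; other rows are skipped."""
    iocs = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            iocs.append(RegistryIoc(m["op"], normalize_key(m["key"]), m["proc"]))
    return iocs


def classify(ioc: RegistryIoc) -> list[str]:
    """Technique IDs whose rule matches this IoC's key (may be empty)."""
    return [tid for tid, _label, rx in RULES if rx.search(ioc.key)]


def classify_report(text: str) -> dict[str, list[str]]:
    """Map technique id -> normalized keys that triggered it, in report order."""
    hits: dict[str, list[str]] = defaultdict(list)
    for ioc in parse_ioc_lines(text):
        for tid in classify(ioc):
            hits[tid].append(ioc.key)
    return dict(hits)


if __name__ == "__main__":
    labels = {tid: label for tid, label, _rx in RULES}
    for tid, keys in classify_report(SAMPLE_IOC_LINES).items():
        print(f"{tid} {labels[tid]}")
        for key in keys:
            print(f"    {key}")
```

The normalization step matters more than it looks: the sandbox records the object-manager path and the live control set, while most host rules and hunting queries use HKLM\SYSTEM\CurrentControlSet, so a rule matched against the raw row would silently miss. Note that a single ProcessorNameString read is weak evidence on its own; many legitimate installers read it, which is why the report scores it as a sandbox-check heuristic rather than a verdict.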
Processes
-
Process: C:\Users\Admin\AppData\Local\Temp\ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\ddd6c257d7dd9ca79f0bd9dc4db516e820175ee6a24fa662d7ab055bb8ba3f66.exe"
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID: 4496
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
360KB
MD5
9957dcd1bc29ddb219601f0ee5fcb037
SHA1
b15b1f5abbba94948fe1b4b9422523bc4164adde
SHA256
f609c820a749daedb2047f5375398a3ec0725cdf0e8a4916f7c6504bad1bb410
SHA512
5a01c20cf03015030503afccc8c2b3f39041de2407c361f9b740eb0a31fde03531609280cbe6a1015bbde7625ac2ceaf36e1d028b39600c25b8997830fe186f4
-
Filesize
305KB
MD5
0ab53ee53d5aa6b2744eabea8b4f1a71
SHA1
b9e21bbdf26d2cc1cf4c6ad494fa63b8b09aaf1b
SHA256
93aaecc62fc01001447f3916c1033d805631aff858d99e81a15902fa675d8915
SHA512
de330f1f1af7e23c456bb2840ace20ea1bf9df84a206032777c1859c80ee4af8f9a33dfd522bda74a82b43300cf7ccd851a6f7007e63fa83665479146c228605
-
Filesize
1KB
MD5
c848038c7d35e33f83a3c1f68ad0e019
SHA1
4282c5520527e5ebe4636599ad84aab3a1ffc96b
SHA256
f790cedb1deb500ca51780873ee1686e982fc783161d5bb7fc644ea02dbdb5f7
SHA512
c8a4858d6f81462c20e108cdc2a5ea1478b8a0501adea1563524d01b4dc8e0925ca0f942d62d1dec060dbdce76c8e3680062df5897384e8d66b6c333315a9d66
-
Filesize
5KB
MD5
5640bd1f8a2bedddd189408d090b3bc9
SHA1
12f81ace73eb6d1c106bd163403c75213fd331d3
SHA256
58eb2ee075be01e397430f1e734821db024df287e104e6cc9e64dd45599f5bd4
SHA512
2439dce5623e38a1c4ffea3fb12a6fbef5ade4f8d351e71fceded20b95f3392aa3161ecc4a0e589fc1e44c6fdbe25eb8361cf37b75315ee2392c40b3c256eeb8
-
Filesize
59KB
MD5
6bf940490b582579579163db3fc2b892
SHA1
2a5cad04a5062d868a19f922a384c0e30b3e549d
SHA256
508f925c9de9c0db10cc1ae63760a372b0b8fadb4231c56af12e2493369e4706
SHA512
87075a9d44f52b28998d0dd603b35806e6e78ce70e229f773ce75626b9606fb703af694ce70022d16cd79c345a351fd4eb05ac23eb0f183df330b5f8b500c68b