cryptbot | f780e06cf23d87e9373947e8460e89b422bafad1775cc148b4cb9fbae9d53293 | Triage

Sharing

General

Target

94ae98d3e8368e90f7777ee3df51da77.bin
Size

5.9MB
Sample

241120-y95r8stcmk
MD5

b554ebf1a0b48b9c432251f4fac3601e
SHA1

3447d54f76e916ac22db7071667f99da7695a0c4
SHA256

f780e06cf23d87e9373947e8460e89b422bafad1775cc148b4cb9fbae9d53293
SHA512

238851782d88f3d9b77355767c285630b9a1a352da43a20469210641200d638d3ee69f60344756dee93bf43c8d79c34ae8414bebacd6d00bb815c6aa49287533
SSDEEP

98304:VjaNW1DbcVRypfKtskiQvPbN+Ifpyc6F7pN/NCR2zMyjyLjNikP1o9GgkuQRo4JV:QNWtc/2fqJHbxPFADyL49xkuQN0+Uev

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

C2

http://ivyzhi22.top/gate.php

Attributes

payload_url
http://womozi02.top/agnize.dat

Targets

- Target
  
  f667ab33b49d8b8389e116a05849032cc2e78a7578b12cdd07ed89a931c3c464.exe
- Size
  
  6.3MB
- MD5
  
  94ae98d3e8368e90f7777ee3df51da77
- SHA1
  
  513b8681ac6088324731af512cb44ea49d223d27
- SHA256
  
  f667ab33b49d8b8389e116a05849032cc2e78a7578b12cdd07ed89a931c3c464
- SHA512
  
  945d77ed3e8aa250025b5d04ec60d06163c2556c0453d6c81af06031a1fd053c6cdc272bcfff71c0405375d669759b7e076122e490d5ad8c3fda7bfee9198f7c
- SSDEEP
  
  196608:BH6U57641LiUDQVnzWG/VsqUaJlReG73o:F5+7UDc9ZE
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer