General

  • Target: 4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d
  • Size: 6.3MB
  • Sample: 241124-2c73wasrgx
  • MD5: f519bedcebceefef74d90b41bb91dd09
  • SHA1: 801c2788587669b36d8a4a16f3e822ca4bc51676
  • SHA256: 4c06090805a5e62862ff2d0b91b9a117778903f87d141494d31124383e39404d
  • SHA512: f9c9cb90e6fef6ff75bbcdd6485d8d34ea2413e5ef289adae05d331384cf1dfdc563c9a70cf812797823b0e8e71f101af736be2eff4a4b979c1efaac9b0dbc24
  • SSDEEP: 98304:UPdx/6o/EJ6N6ExIxrnumYqGX2LsQmzpVPIlZj3B25RlEYzc8+edv+173j6amzqa:UL6ocnTszpVPOGr/+epGqamz86

Malware Config

Extracted

  • Family: cryptbot
  • C2: veoxjo24.top, morpib02.top

Targets

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Babadeda family

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks