Overview

overview

10

Static

static

3

43d43cae0a...6f.exe

windows7-x64

10

43d43cae0a...6f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2024 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43d43cae0a7432a80a3ea1f12b6d134ee9814a46dbe8d5d7556f6d50f0a1506f.exe

  • Size

    4.0MB

  • MD5

    d382233f2487e3a80ce6fe3947790698

  • SHA1

    e0432fb62e612bfde6c4a177207c96e0f98a3036

  • SHA256

    43d43cae0a7432a80a3ea1f12b6d134ee9814a46dbe8d5d7556f6d50f0a1506f

  • SHA512

    26ef09c884d7e10d2acbc9c774d16cedad26e1f8e9c5a08b9f09b79baa001e06af7e4d28c87e0c4a091b936dea7ae482d2a730d72390f8b56dd8410929ef2c9a

  • SSDEEP

    98304:TOevFArh176FXP44VgUhkB6cIvQeKuYz5mh3J5:TdFAN1anFhk4yeKuYOJ5

Score
10/10
cryptbotdiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

briybc32.top

Signatures

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • Cryptbot family
    cryptbot
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43d43cae0a7432a80a3ea1f12b6d134ee9814a46dbe8d5d7556f6d50f0a1506f.exe
    "C:\Users\Admin\AppData\Local\Temp\43d43cae0a7432a80a3ea1f12b6d134ee9814a46dbe8d5d7556f6d50f0a1506f.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\JiSxhXTxT\VEWwhIeAYV.zip
    Filesize

    9KB

    MD5

    de7d7fd8814045c08268042d2d19ee62

    SHA1

    daa516a764b610fdfd3839ed4d71626894b8f0fe

    SHA256

    ea3189ce72e5273d74ac81c76fffedbd121603f3f0b396eded27eb1235d978bc

    SHA512

    70223c7b12c282dfe3e8c683fb168722718395fd88ead596149f2c5fb6f596887c523646877a92af222d2ad8fad69b501b3373c74713a580c2d9ea3b64c83584

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\JiSxhXTxT\_Files\_Information.txt
    Filesize

    1KB

    MD5

    1ad3e5d276e33ade1328293406febc24

    SHA1

    10488a2bfda651c8a107a8bfeddb8c0f1582fb63

    SHA256

    55914a376fb35547485125716663f7c5acd2bf7eb1dac689af6443755809058c

    SHA512

    772ca1fdbd575bdbbf52a6dd3780292007a5395a0334dc768cba00b3fb49d8f72a4d4bc527f92b4c1a2b295fa2b3c1c6031670af56ccc6c612baf368f39740a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\JiSxhXTxT\_Files\_Information.txt
    Filesize

    1KB

    MD5

    04c622d0e13672b6e7d912b4c08a9673

    SHA1

    4e68aa1a2e85d161346c2c74feb26513af6c95d3

    SHA256

    184b0b4c354a0ac3404c770797b40c65ef4a865d6ce577657cc71db08e1658f1

    SHA512

    79dc928bd484237c5bcf12076801b2399c5498ea13d681c1fed10f29a11d6e5193d50f651d29e24d33679c4becd667fe1639a5813f79aad11697ffd4e2c5b524

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\JiSxhXTxT\_Files\_Information.txt
    Filesize

    7KB

    MD5

    047edb4dacf0262b16b15652507f7909

    SHA1

    f404a13765616c38b62103fc927215e2a148286e

    SHA256

    8571bf7358c84ae0ca5131a18851e42f2aef6e2afbdbc4734aea1fdc184cc12f

    SHA512

    58f06ac800482bb4dda68fa174939c2efc836038b61700efb37668641774e48349d66d4df887876f89688bacdb7c242382384e84c322988c102d8c49d2fcae9d

    Download Submit

  • memory/924-6-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-133-0x0000000001000000-0x0000000001041000-memory.dmp

    Filesize

    260KB

    Download

  • memory/924-7-0x0000000001050000-0x0000000001051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/924-0-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-8-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-9-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-10-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-11-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-12-0x0000000003170000-0x00000000031B7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/924-19-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-3-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-2-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-4-0x0000000000401000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/924-5-0x0000000001000000-0x0000000001041000-memory.dmp

    Filesize

    260KB

    Download

  • memory/924-135-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-134-0x0000000000401000-0x0000000000CC4000-memory.dmp

    Filesize

    8.8MB

    Download

  • memory/924-143-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-144-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-146-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-148-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-1-0x0000000001000000-0x0000000001041000-memory.dmp

    Filesize

    260KB

    Download

  • memory/924-150-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-153-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-157-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-163-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-182-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/924-186-0x0000000000400000-0x0000000000D52000-memory.dmp

    Filesize

    9.3MB

    Download