General

  • Target

    b0f26518a6a528d697ee4a335bdc73b5_JaffaCakes118

  • Size

    711KB

  • Sample

    241129-nm2ryssqht

  • MD5

    b0f26518a6a528d697ee4a335bdc73b5

  • SHA1

    c30b0acf4aec48e55f7bdc7e671b35792b91dece

  • SHA256

    ce7d94e2c15962b64b2ba26e656e8c11fee4b042c11021dc242ae1cf0b537b2d

  • SHA512

    0e760dfcece5084a37901bd223ab192e34ea8e40e588d6b4658bc2ceaf3f50bfca85bd9ffd07b27ac49a3f05aa2402b21a8f83c15f71ae0820bf11e64edc5b0e

  • SSDEEP

    12288:LVte9iz4NoV304o1tLt48ixrbm/2hR3PMYG1uf3+2:fKm4NzWx2uh9kZ1+39

Malware Config

Extracted

  • Family

    cryptbot

  • C2

    lyspsc22.top
    morepq02.top

  • Attributes

    • payload_url

      http://damsez02.top/download.php?file=lv.exe

Targets

    • Target

      b0f26518a6a528d697ee4a335bdc73b5_JaffaCakes118

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • CryptBot payload

    • Cryptbot family

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
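
The extracted configuration (C2 domains and payload URL), the file hashes, and the Uninstall-key lookup described under "Checks installed software" are the pieces a responder would turn into a detection. The following Python is an added example and is not part of the sandbox report or of CryptBot itself: it matches those indicators against a few constructed telemetry lines in an assumed key=value layout (not any vendor's real log format), and it deliberately scores the registry read as low confidence, because legitimate installers and inventory agents also enumerate the Uninstall key, so on its own it is not evidence of this sample.

```python
"""Match the report's IOCs against constructed telemetry (added example).

Indicator values (hashes, C2 domains, payload URL) are copied from the report.
The log lines and their key=value layout are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Indicators taken from the report above. Everything else here is constructed.
C2_DOMAINS = {"lyspsc22.top", "morepq02.top"}
PAYLOAD_URL = "http://damsez02.top/download.php?file=lv.exe"
SAMPLE_HASHES = {
    "md5": "b0f26518a6a528d697ee4a335bdc73b5",
    "sha1": "c30b0acf4aec48e55f7bdc7e671b35792b91dece",
    "sha256": "ce7d94e2c15962b64b2ba26e656e8c11fee4b042c11021dc242ae1cf0b537b2d",
}
# "Checks installed software": reads under ...\CurrentVersion\Uninstall.
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

# Constructed telemetry lines (assumed layout: space-separated key=value pairs).
TELEMETRY = [
    "ts=2024-11-29T10:00:01Z kind=dns host=pc-07 query=lyspsc22.top",
    "ts=2024-11-29T10:00:02Z kind=http host=pc-07 url=http://damsez02.top/download.php?file=lv.exe",
    r"ts=2024-11-29T10:00:03Z kind=registry host=pc-07 path=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    "ts=2024-11-29T10:00:04Z kind=file host=pc-07 sha256=ce7d94e2c15962b64b2ba26e656e8c11fee4b042c11021dc242ae1cf0b537b2d",
    "ts=2024-11-29T10:00:05Z kind=dns host=pc-12 query=updates.example.com",
    "ts=2024-11-29T10:00:06Z kind=dns host=pc-12 query=cdn.morepq02.top",
    r"ts=2024-11-29T10:00:07Z kind=registry host=pc-31 path=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
    r"ts=2024-11-29T10:00:08Z kind=registry host=pc-31 path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
]


def parse_event(line: str) -> dict:
    """Split a constructed key=value line into a dict (values may contain '=')."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def domain_matches(host: str) -> bool:
    """True if host is a C2 domain, the payload host, or a subdomain of one."""
    host = host.lower().rstrip(".")
    watched = C2_DOMAINS | {urlsplit(PAYLOAD_URL).hostname}
    return any(host == d or host.endswith("." + d) for d in watched)


def check_event(ev: dict):
    """Return (severity, reason) for an event that matches an indicator, else None."""
    kind = ev.get("kind")
    if kind == "dns" and domain_matches(ev.get("query", "")):
        return ("high", "DNS lookup of CryptBot C2/payload domain " + ev["query"])
    if kind == "http":
        url = ev.get("url", "")
        if url.lower() == PAYLOAD_URL.lower():
            return ("high", "request for the configured payload_url")
        if domain_matches(urlsplit(url).hostname or ""):
            return ("high", "HTTP request to CryptBot C2/payload domain")
    if kind == "file":
        for alg, digest in SAMPLE_HASHES.items():
            if ev.get(alg, "").lower() == digest:
                return ("high", f"file {alg} matches the analysed sample")
    if kind == "registry" and UNINSTALL_KEY_RE.search(ev.get("path", "")):
        # Low confidence: installers and inventory tools read this key too.
        return ("low", "Uninstall key enumeration (installed-software check)")
    return None


def triage(lines) -> dict:
    """Map host -> list of (severity, reason) hits across all lines."""
    hits = {}
    for line in lines:
        ev = parse_event(line)
        result = check_event(ev)
        if result:
            hits.setdefault(ev.get("host", "?"), []).append(result)
    return hits


def flagged_hosts(lines) -> list:
    """Hosts with at least one high-severity hit; low-only hosts are not flagged."""
    return sorted(h for h, hs in triage(lines).items() if any(s == "high" for s, _ in hs))


if __name__ == "__main__":
    for host, hs in triage(TELEMETRY).items():
        for severity, reason in hs:
            print(f"{host}\t{severity}\t{reason}")
    print("flagged:", flagged_hosts(TELEMETRY))
```

The per-host scoring is the point: pc-31 only touched the Uninstall key and is reported but not flagged, while the hosts that resolved a C2 domain, fetched the payload URL, or carry the sample's hash are. In a real deployment the indicator lists would be loaded from the report rather than hard-coded, and the registry read would be combined with process lineage before it counts for anything.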

MITRE ATT&CK Enterprise v15

Tasks