General
-
Target
cc5f1e5ef2d6e4248d67afcbd116a6bf_JaffaCakes118
-
Size
964KB
-
Sample
241206-lxp5ss1qa1
-
MD5
cc5f1e5ef2d6e4248d67afcbd116a6bf
-
SHA1
911e7c76c4313782e657ac7da875c30d72ee4c10
-
SHA256
1b53eaa16ac6641e86a2788a36492d11eafe4713e9093ecfc915ece3520440e1
-
SHA512
f58dd447d8a47e51e20898aba1db66711e6e96eb6e0aad97e6b4ade9fd1441096166c47c765124795ec5662735a090312ab9e6e720f99951fd04de56454b5695
-
SSDEEP
24576:+jfEg1rhcZ4zaoanHpcR25cNcUrWnUafkJbSgjEHArn:+jfECrhw4zgck56cUin1famgjEHM
Malware Config
Targets
-
-
Target
cc5f1e5ef2d6e4248d67afcbd116a6bf_JaffaCakes118
-
Size
964KB
-
MD5
cc5f1e5ef2d6e4248d67afcbd116a6bf
-
SHA1
911e7c76c4313782e657ac7da875c30d72ee4c10
-
SHA256
1b53eaa16ac6641e86a2788a36492d11eafe4713e9093ecfc915ece3520440e1
-
SHA512
f58dd447d8a47e51e20898aba1db66711e6e96eb6e0aad97e6b4ade9fd1441096166c47c765124795ec5662735a090312ab9e6e720f99951fd04de56454b5695
-
SSDEEP
24576:+jfEg1rhcZ4zaoanHpcR25cNcUrWnUafkJbSgjEHArn:+jfECrhw4zgck56cUin1famgjEHM
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Cryptbot family
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2