General

  • Target

    zk1b090h.exe

  • Size

    6.6MB

  • MD5

    55fa72355adcbb75223ac046d578fa56

  • SHA1

    3019ea8f26578b819d855db05feabb4f5b4dd87e

  • SHA256

    c297513faa34104fe812a1e59d0f98fb6fe741d2ddb2fc424dce33ee175a8c7e

  • SHA512

    31c87d2bbf585c5b382670c66c604e59016cc913a4fdba6bc8347a85ab4c88fc16ad67aa8762d681280dbccb26cd0ef3397cbd8f5e383d8a33b656a1bce48ede

  • SSDEEP

    49152:hA9riiU/Tg653E9eb2DX44sFbjPClxfqLqJi1mxYt37re0hSZkF1KXCbxlNEsgGn:hA0065EDotFbjPyxCL80m63MqKG

Malware Config

Extracted

  • Family

    cryptbot

  • C2

    http://home.tventjo20vs.top/lwRwtEGztSQcWvXoArFS90

Signatures

  • Cryptbot family
  • Embeds OpenSSL (1 IoC)

    Embeds OpenSSL, may be used to circumvent TLS interception.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • zk1b090h.exe
    .exe windows:4 windows x86 arch:x86

    75e9a96c170d19e8c4564ec5026224f5