General

  • Target

    8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643.exe

  • Size

    12.2MB

  • Sample

    241219-dv79lawmfn

  • MD5

    b7f95a6fba7ee898425a69ffd2b6c204

  • SHA1

    d995e2ed97947778c489f6384ba3af0f4343c0bc

  • SHA256

    8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643

  • SHA512

    3b9d35e20161767dabea7bda5ed7db3f63ce738e0934965695dedf1f7487fc092c0e2fe3cf35b9656f521c2ab9e30596cda49d38c7ace360ff2b2b0e52930b59

  • SSDEEP

    196608:1MRd/45eJp2M0lVasW4PEaYjxR3eYr4+hn:tf7CxwAn
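
Before working from this report, confirm that a locally held sample is the one analysed here. The following is an added example, not part of the report or of the sandbox's tooling: it streams a file once through MD5, SHA-1, SHA-256 and SHA-512 and diffs the result against the digests listed above. The SSDEEP value is not recomputed because that needs a third-party library; the file path is an assumption.

```python
"""Verify a local sample against the digests in the report above.

Added example, not part of the report. The file is read once in chunks so
a 12.2 MB sample is hashed in a single pass.
"""
import hashlib
import io

# Digests copied from the report's General section.
REPORT = {
    "md5": "b7f95a6fba7ee898425a69ffd2b6c204",
    "sha1": "d995e2ed97947778c489f6384ba3af0f4343c0bc",
    "sha256": "8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643",
    "sha512": "3b9d35e20161767dabea7bda5ed7db3f63ce738e0934965695dedf1f7487fc09"
              "2c0e2fe3cf35b9656f521c2ab9e30596cda49d38c7ace360ff2b2b0e52930b59",
}


def digests_of_stream(fh, chunk=1 << 20):
    """Feed every chunk of fh to all four hashers; return {algo: hexdigest}."""
    hashers = {name: hashlib.new(name) for name in REPORT}
    while True:
        block = fh.read(chunk)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data):
    return digests_of_stream(io.BytesIO(data))


def digests_of_file(path):
    with open(path, "rb") as fh:
        return digests_of_stream(fh)


def compare(found, expected=REPORT):
    """Return {algo: (found, expected)} for every digest that differs; {} means match."""
    return {k: (found[k], v) for k, v in expected.items() if found[k] != v.lower()}


if __name__ == "__main__":
    # Assumed path: the report names the target after its SHA-256.
    mismatches = compare(digests_of_file(REPORT["sha256"] + ".exe"))
    print("sample matches report" if not mismatches else mismatches)
```

A single differing digest means a different file (repacked, truncated or corrupted in transfer), so treat any non-empty result as "not this sample" rather than a partial match.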

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643.exe

    • Size

      12.2MB

    • MD5

      b7f95a6fba7ee898425a69ffd2b6c204

    • SHA1

      d995e2ed97947778c489f6384ba3af0f4343c0bc

    • SHA256

      8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643

    • SHA512

      3b9d35e20161767dabea7bda5ed7db3f63ce738e0934965695dedf1f7487fc092c0e2fe3cf35b9656f521c2ab9e30596cda49d38c7ace360ff2b2b0e52930b59

    • SSDEEP

      196608:1MRd/45eJp2M0lVasW4PEaYjxR3eYr4+hn:tf7CxwAn

    • CryptBot

      CryptBot is a C++ stealer, widely distributed bundled with other software.

    • Cryptbot family

    • Detects CryptBot payload

      CryptBot is a C++ stealer, widely distributed bundled with other software.

    • Uses browser remote debugging

      Starting a browser with its remote-debugging interface enabled lets the malware drive the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
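
The signatures above describe behaviours seen in the trace: a browser launched with remote debugging, a country-code lookup, dropped files being executed or loaded, browser profile data being read, and the Uninstall key being enumerated. The following is an added example, not the sandbox's own detection code: it re-implements those checks in simplified form over a constructed, ordered event stream. The event schema, the sample events and the registry and file paths matched are assumptions made for this example.

```python
"""Signature-style behaviour checks over a constructed sandbox event stream.

Added example, not the sandbox's detection code. The event schema, sample
events and the registry/file paths matched below are assumptions.
"""
import re

# Paths assumed for each check (not taken from the report).
GEO_KEY = r"control panel\international\geo\nation"                    # country code
UNINSTALL_RE = re.compile(r"\\currentversion\\uninstall(\\|$)", re.I)  # installed software
BROWSER_DATA_RE = re.compile(
    r"\\user data\\[^\\]+\\(login data|cookies|web data|history)$"     # Chromium profiles
    r"|\\(cookies\.sqlite|logins\.json|key4\.db)$",                      # Firefox profiles
    re.I,
)
DEBUG_FLAG_RE = re.compile(r"--remote-debugging-(port|pipe)\b", re.I)


def classify(events):
    """Return the set of signature names triggered by an ordered event stream.

    Each event is a dict with 'type' in {'process', 'regquery', 'fileread',
    'filewrite', 'imageload'} plus the per-type fields used below.
    """
    hits = set()
    dropped = set()  # files written earlier in the trace, lower-cased
    for ev in events:
        kind = ev["type"]
        if kind == "filewrite":
            dropped.add(ev["path"].lower())
        elif kind == "process":
            if DEBUG_FLAG_RE.search(ev.get("cmdline", "")):
                hits.add("Uses browser remote debugging")
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "imageload":
            if ev["path"].lower() in dropped:
                hits.add("Loads dropped DLL")
        elif kind == "regquery":
            key = ev["key"].lower()
            if key.endswith(GEO_KEY):
                hits.add("Checks computer location settings")
            if UNINSTALL_RE.search(key):
                hits.add("Checks installed software on the system")
        elif kind == "fileread":
            if BROWSER_DATA_RE.search(ev["path"]):
                hits.add("Reads user/profile data of web browsers")
    return hits


# Constructed trace mimicking the behaviours flagged in the report.
SAMPLE_EVENTS = [
    {"type": "regquery", "pid": 100, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "regquery", "pid": 100,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "filewrite", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\service123.exe"},
    {"type": "filewrite", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\nss3.dll"},
    {"type": "process", "pid": 101, "image": r"C:\Users\user\AppData\Local\Temp\service123.exe",
     "cmdline": "service123.exe"},
    {"type": "imageload", "pid": 101, "path": r"C:\Users\user\AppData\Local\Temp\nss3.dll"},
    {"type": "process", "pid": 102, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": '"chrome.exe" --remote-debugging-port=9222 --headless'},
    {"type": "fileread", "pid": 101,
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "fileread", "pid": 101,
     "path": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\cookies.sqlite"},
]

# Constructed benign trace: a normal browser start and an unrelated registry read.
BENIGN_EVENTS = [
    {"type": "regquery", "pid": 200, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "process", "pid": 201, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": '"chrome.exe" --profile-directory=Default'},
    {"type": "fileread", "pid": 201,
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State"},
]

if __name__ == "__main__":
    print(sorted(classify(SAMPLE_EVENTS)))
```

The remote-debugging check matches on the command line alone; a production rule should also pin the launching parent to the suspicious process, since developers and test harnesses start browsers with that flag legitimately. The dropped-file checks depend on event order, so the trace must be fed chronologically.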

MITRE ATT&CK Enterprise v15

Tasks