General
-
Target
8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643.exe
-
Size
12.2MB
-
Sample
241219-dv79lawmfn
-
MD5
b7f95a6fba7ee898425a69ffd2b6c204
-
SHA1
d995e2ed97947778c489f6384ba3af0f4343c0bc
-
SHA256
8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643
-
SHA512
3b9d35e20161767dabea7bda5ed7db3f63ce738e0934965695dedf1f7487fc092c0e2fe3cf35b9656f521c2ab9e30596cda49d38c7ace360ff2b2b0e52930b59
-
SSDEEP
196608:1MRd/45eJp2M0lVasW4PEaYjxR3eYr4+hn:tf7CxwAn
Behavioral task
behavioral1
Sample
8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643.exe
-
Size
12.2MB
-
MD5
b7f95a6fba7ee898425a69ffd2b6c204
-
SHA1
d995e2ed97947778c489f6384ba3af0f4343c0bc
-
SHA256
8b6a0a8d8594fb4f465a8220533a8cbf25fb725220dfc35056c7787b27d89643
-
SHA512
3b9d35e20161767dabea7bda5ed7db3f63ce738e0934965695dedf1f7487fc092c0e2fe3cf35b9656f521c2ab9e30596cda49d38c7ace360ff2b2b0e52930b59
-
SSDEEP
196608:1MRd/45eJp2M0lVasW4PEaYjxR3eYr4+hn:tf7CxwAn
Score10/10-
Cryptbot family
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Persistence
Modify Authentication Process
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1