General

  • Target: JaffaCakes118_729ca5e881b7d03cb1691b722d04d9a12212950c808afa97197fb58d2c89060e
  • Size: 4.9MB
  • Sample: 241223-28m3ksvlgn
  • MD5: 79f917d93112b6885a6119356a2d7195
  • SHA1: 8690d12c8160712b588024f4fb9b13663b21f50b
  • SHA256: 729ca5e881b7d03cb1691b722d04d9a12212950c808afa97197fb58d2c89060e
  • SHA512: 3cd5cfbdd101a76c6b87a39c8b10ca0995a0959b645c47da9c4870b579b9466b779451d86f4b48a282bafb91ba1ca2d8d78baaacf3a31a2e6ca1bc20b6ef2426
  • SSDEEP: 98304:H7Zzjbqatb4ahawrNgCNsXksc8tLg9HjeCQsDlfepv92n+1/HITUpioW5n/:bwS/PNgCNsUutaeCQsuw4gUIv/

Malware Config

Extracted

Family: cryptbot

C2:
  • cempqe34.top
  • morbug03.top

Targets

    • Target: beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27
    • Size: 6.3MB
    • MD5: 6e5e1bac0fa5768a191bde698e4832a1
    • SHA1: 9182bc5888b5b64618521260b1aa1f0daecd236d
    • SHA256: beb4c0c6486545826c2ec5fa5ba44d02abeb20558e55f47c51366523cacdde27
    • SHA512: 6ae6f422930c3d54bd88d86746d4e6027c280c3a3ceb5f22089512e8da10aad1cc1c7c1c1c524f67f490d332a452d039db88481e97a94d90cb75edf4db09094e
    • SSDEEP: 98304:FH7CgqLPRPYv7cZuwYx72XPo0+X86zVwE+F4mTE2h0ysdrPVX+wyDz0CQJX7n+EA:p+gqLKB2p/cwFFdQA0/P1y+x7Hz7hyys

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Babadeda family

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed in bundles with other software.

    • Cryptbot family

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks