General

  • Target

    JaffaCakes118_76c74d2a50b94ab04b20a428d73503f41f9750d40ed5825087ac828a1b7d8a09

  • Size

    404KB

  • Sample

    241223-zwcpza1nem

  • MD5

    51ea626694e3b7e8ca40d6cd36730b62

  • SHA1

    7db3674b4878364f5710436533c2e6ea63a68178

  • SHA256

    76c74d2a50b94ab04b20a428d73503f41f9750d40ed5825087ac828a1b7d8a09

  • SHA512

    6a978ef984c96346a2de60a6d7f160e18d4f93180b0ee463025c9fe1b19c39f4b0b1a420a2b12ac5b695823f04d36fe434f614953d82f438ca633e01cb31f163

  • SSDEEP

    6144:GL+/x0wNWY9QjIO0SIOZYcQJnLhhz0PT2lSCJoQI/6NtvncMy:GLYxKXr5Izc+Lhhz0PT2ICJosNtvn

Malware Config

Extracted

Family

cryptbot

C2

unic15m.top

unic15e.top

Targets

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks