General

  • Target

    JaffaCakes118_5749ca3bba0023fc257072a67da7724a772399fd66bbaf825527357a95bed194

  • Size

    387KB

  • Sample

    241224-1j52esykcj

  • MD5

    87fd447e1dfc44afef7593f5dd27a427

  • SHA1

    4101a9c049fc91ea24d65824d10f95263eaae88c

  • SHA256

    5749ca3bba0023fc257072a67da7724a772399fd66bbaf825527357a95bed194

  • SHA512

    590bd88ef61e87b45fcca3634556635b94a7015e0f8b016d714c20ac0fde3ce2f2e7e975f7a4a8d064c66d157eb968e0e9b81d4abed3ad456bcb4610f0fe4993

  • SSDEEP

    6144:SNb52zA3WmGYNIni6qeNfYl6LyIA7tt1a0FNgjFX:SNbkoWmGKKiVe8gyIAhtjNgh

Malware Config

Extracted

Family

cryptbot

C2

unic16m.top

unic16e.top
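
The two C2 domains above are the most directly actionable indicators in this report. The following is an added example (not part of the Tria.ge report or of CryptBot itself) of how to hunt for them in DNS or proxy logs: it normalizes case and trailing dots, treats subdomains of a C2 domain as hits, and does not treat look-alike hosts such as unic16m.top.evil-lookalike.net as hits, which naive substring matching would. The log lines are constructed for the example; the log formats are assumptions.

```python
import re
from urllib.parse import urlsplit

# C2 domains taken from the extracted CryptBot config above.
C2_DOMAINS = {"unic16m.top", "unic16e.top"}

# Constructed log lines (not from the report): a DNS query log and a proxy
# log with full URLs, mixed, so that both host forms are exercised.
SAMPLE_LOG = """\
2024-12-24T01:02:03Z dns query A unic16m.top. from 10.0.0.5
2024-12-24T01:02:04Z dns query A api.unic16e.top from 10.0.0.5
2024-12-24T01:02:05Z proxy GET http://UNIC16M.TOP:80/gate.php client=10.0.0.5
2024-12-24T01:02:06Z dns query A www.example.com from 10.0.0.7
2024-12-24T01:02:07Z proxy GET https://unic16m.top.evil-lookalike.net/ client=10.0.0.7
"""

# A bare token that looks like a hostname: labels separated by dots, with an
# optional trailing dot as DNS logs often print it.
HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+\.?$")


def normalize_host(host):
    """Lower-case and strip the trailing dot of a fully qualified name."""
    return host.lower().rstrip(".")


def is_c2_host(host, c2_domains=C2_DOMAINS):
    """Return the matching C2 domain if host is that domain or a subdomain of it,
    else None. Suffix matching is anchored on a dot boundary, so
    notunic16m.top and unic16m.top.evil-lookalike.net do not match."""
    h = normalize_host(host)
    for domain in c2_domains:
        if h == domain or h.endswith("." + domain):
            return domain
    return None


def hosts_in_line(line):
    """Pull candidate hostnames out of one log line: URL hosts via urlsplit,
    bare hostnames via HOST_RE."""
    hosts = []
    for tok in line.split():
        if tok.lower().startswith(("http://", "https://")):
            h = urlsplit(tok).hostname  # already lower-cased, port stripped
            if h:
                hosts.append(h)
        elif HOST_RE.match(tok.lower()):
            hosts.append(tok)
    return hosts


def find_c2_hits(log_text, c2_domains=C2_DOMAINS):
    """Scan log text and return one record per C2 host observation."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for host in hosts_in_line(line):
            domain = is_c2_host(host, c2_domains)
            if domain:
                hits.append({"line": lineno, "host": normalize_host(host), "c2": domain})
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['host']} -> C2 {hit['c2']}")
```

Lines 1 to 3 of the constructed log are reported; the look-alike host on line 5 is not, because the suffix check requires a dot boundary before the C2 domain.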

Targets

    • Target

      JaffaCakes118_5749ca3bba0023fc257072a67da7724a772399fd66bbaf825527357a95bed194

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Unsecured Credentials: Credentials In Files

      Reads credentials from files that store them unprotected (MITRE ATT&CK T1552.001).

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
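
The signatures above (FTP client configuration files, browser profile data, cryptocurrency wallet files, Uninstall key enumeration and self-deletion) are each a pattern over file, registry and process events. The following is an added example, not the sandbox's own rule engine and not CryptBot code, showing how such events can be mapped back onto those categories during triage. The event format ("<kind>\t<detail>" per line), the sample path, every file and registry path, and the self-deletion command line are constructed for the example and are assumptions; the self-deletion rule only fires when the deleted path is the sample's own path, so an unrelated `del` is not counted.

```python
import re
from collections import defaultdict

# Assumed path of the executing sample; needed to distinguish self-deletion
# from deleting some other file.
SAMPLE_PATH = r"C:\Users\victim\Downloads\sample.exe"

# Constructed sandbox-style events (not from the report), one per line,
# "<kind>\t<detail>". The last line is benign noise that must not match.
SAMPLE_EVENTS = (
    "file_open\tC:\\Users\\victim\\AppData\\Roaming\\FileZilla\\sitemanager.xml\n"
    "file_open\tC:\\Users\\victim\\AppData\\Roaming\\FileZilla\\recentservers.xml\n"
    "file_open\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data\n"
    "file_open\tC:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ab12cd34.default\\logins.json\n"
    "file_open\tC:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet\n"
    "file_open\tC:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco\n"
    "reg_enum\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\n"
    "reg_enum\tHKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\n"
    "proc_create\tcmd.exe /c timeout 3 & del \"C:\\Users\\victim\\Downloads\\sample.exe\"\n"
    "file_open\tC:\\Windows\\System32\\kernel32.dll\n"
)

# (category, event kind, pattern over the event detail). The file names are
# the well-known artefact names for each product; the list is illustrative.
RULES = [
    ("ftp_client_data", "file_open",
     re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)),
    ("browser_profile_data", "file_open",
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)),
    ("crypto_wallet", "file_open",
     re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin|Armory|Jaxx|Atomic)\\", re.I)),
    ("installed_software_enum", "reg_enum",
     re.compile(r"\\CurrentVersion\\Uninstall$", re.I)),
    ("self_delete", "proc_create",
     re.compile(r"\bdel\b.*\.exe", re.I)),
]


def classify_events(events_text, sample_path=SAMPLE_PATH):
    """Return {category: [matching event details]} for the given event text."""
    hits = defaultdict(list)
    sample_lc = sample_path.lower()
    for line in events_text.splitlines():
        kind, _, detail = line.partition("\t")
        for category, rule_kind, pattern in RULES:
            if kind != rule_kind or not pattern.search(detail):
                continue
            # A delete only counts as self-deletion if it names the sample itself.
            if category == "self_delete" and sample_lc not in detail.lower():
                continue
            hits[category].append(detail)
    return dict(hits)


def behaviours(events_text, sample_path=SAMPLE_PATH):
    """Sorted list of category names that fired, i.e. the report-style verdict."""
    return sorted(classify_events(events_text, sample_path))


if __name__ == "__main__":
    for category, details in classify_events(SAMPLE_EVENTS).items():
        print(f"{category}: {len(details)} event(s)")
        for d in details:
            print("   ", d)
```

Run against the constructed events, all five categories fire and the kernel32.dll access is ignored; the same rules run over a real sandbox event export would need the parser adapted to that export's format.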

MITRE ATT&CK Enterprise v15

Tasks