General
- Target: JaffaCakes118_791661fa93116cdaab35d2beb8880f8f3ca02a586bd433c97264f8fff305dc3a
- Size: 1.7MB
- Sample: 241224-2p931azmbp
- MD5: 50acd47b8e42d1bad8591396d138b640
- SHA1: 941437a23e445b2ee65ea0e6068d6d0156ac2821
- SHA256: 791661fa93116cdaab35d2beb8880f8f3ca02a586bd433c97264f8fff305dc3a
- SHA512: c5c33044ad415e557e90b362927158affedf6691a0a83bc28ebfaee3a6bdd1c5515e8c28bf65a895b815cda961f49f29d6764c2414521d6c3cac5bfaab613f30
- SSDEEP: 49152:X2d4gwaj5ea42JdGwgkYoqF7bfdJI0eoC9HZZfft51Mvs7h:XW4gwate4nAoqjqN55iv2h

Static task: static1
Behavioral task: behavioral1
- Sample: sample.exe
- Resource: win7-20241023-en
Malware Config

Targets
- Target: sample
- Size: 1.7MB
- MD5: e8ae1f3a412dd275335e8f0dc99a06f3
- SHA1: 9dd718b9536101926ae8e41be15ed1fe629d3d59
- SHA256: 6c8314cb40fe0f4bb65c307c8128332c62accce1581e1442ee7daac1d1847a85
- SHA512: 27b409331795ae4ca8bd312306c3465f96eb79c2ef3d27cf283f74d81513fa18c79b81a648143da46eb3838d29aae02654daa76c32254ee5aceb95ca1d7e6824
- SSDEEP: 49152:y2dYg2a/9AI4WJxMwmQYoiFPbfrJ8SMECXLzZtBtJ1Kvs3U:yWYg2aFASheoiZGJfJsvgU
- CryptBot payload
- Cryptbot family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (2)
- Credentials In Files (2)