General
Target: JaffaCakes118_f9d1611e9c76704829a006ca1a15c810063c0c68f2c9466cfafe583de36c4a0e
Size: 1.7MB
Sample: 241224-sf1njazqdq
MD5: 3c5798fe337421e0c6f7ca3d0954c55a
SHA1: 11e5557b97f7c1f3871a1812c0d41687fa45384f
SHA256: f9d1611e9c76704829a006ca1a15c810063c0c68f2c9466cfafe583de36c4a0e
SHA512: 9f89783d796bfe2834cea51ecd7802d7fc511abb0396067f8bc4b66072a9d8c7ff47a87a0260ed52a581e9a3079a79afa6a4194c0a26be7670308964b8198891
SSDEEP: 49152:kRl2iBtH0jluEX1DZIrHUbywSCWjQzhkBc6MUKR:UrUjYElDZILUbfSCWUzhlDX
Static task: static1
Behavioral task: behavioral1 (Sample: 32_64_ver_1_bit.exe; Resource: win7-20241010-en)
Behavioral task: behavioral2 (Sample: 32_64_ver_1_bit.exe; Resource: win10v2004-20241007-en)
Malware Config
Targets
Target: 32_64_ver_1_bit.bin
Size: 1.8MB
MD5: cf79a81627e7b71ca9bdd33ba812b7a0
SHA1: 26c35564bde9adcc2c56d062fce809ee2b4ee82d
SHA256: 607d4323ec499f3d2d39f10ce3e539442c2c8959be41afe20d6a2a68b5406f8b
SHA512: 79b1a6429432e4b4860f3226cf892c14a77cc8c9b55b8d4990c43af8a4d9f8ef09dfa6a43e2f05671ea4dc20625ccd1a1d3507c227a49f35ef74df892fba9342
SSDEEP: 49152:P5+hFYPN3BwAALqBZ3mpkPGx6pMYLI1i+3gj:P5aFYtBHb5JPG0pMCMC
Score: 10/10
Signatures:
- CryptBot payload
- Cryptbot family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Credential Access:
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (4)
- Credentials In Files (4)