General

  • Target

    JaffaCakes118_ba160d4beb7afd708071afae7cbdd753e15b43f4472050b0ea1820f54c39c2c2

  • Size

    357KB

  • Sample

    241224-vn4fhasmfv

  • MD5

    ea1d47ce481a8b9b8fd3b1a2bbea1ab6

  • SHA1

    6520c1b11047bf0c51d452d11dcc149ef1522261

  • SHA256

    ba160d4beb7afd708071afae7cbdd753e15b43f4472050b0ea1820f54c39c2c2

  • SHA512

    e4ca373b068cc7a9720b7e48ad1bb21167d80e082f6f47fa3e38cfa5fe90b6ecd3258cc5a3da0140100c62bf7564a5dbb7721d24f0e4c7682b48cee3884906d4

  • SSDEEP

    6144:R4HPvDK+O2fZXNYHkEFty1VMYRpcedsv4qbdSxfzUHut24A2DYd:g++vfZXGny1V/pxCAq0xfzUHuA

Malware Config

Extracted

Family

cryptbot

C2

cipyfo25.top

morhej02.top

Attributes
  • payload_url

    http://sahbog02.top/download.php?file=acheta.exe
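The extracted config above gives three network indicators: the two C2 domains and the host serving the next-stage payload. The following is an added example (not part of the sandbox report) showing how a responder would turn those into a matcher and run it over DNS and proxy log lines. The log format (`key=value` tokens) and the sample log lines are constructed for illustration; only the domains and the payload URL come from the report.

```python
"""IOC matcher built from the extracted CryptBot config on this page.

Added example, not part of the sandbox report. The C2 domains and the
payload URL are copied from the 'Malware Config' section; the log line
format and the sample log lines are constructed for this example.
"""
from urllib.parse import urlparse

# Indicators copied from the extracted config above.
C2_DOMAINS = ["cipyfo25.top", "morhej02.top"]
PAYLOAD_URL = "http://sahbog02.top/download.php?file=acheta.exe"


def build_indicators(c2_domains, payload_url):
    """Return the set of lower-cased domains worth alerting on.

    The payload host is included alongside the C2 domains: the dropper
    fetches its next stage from it, so a DNS lookup of that host is as
    strong a signal as a C2 beacon.
    """
    domains = {d.lower().strip(".") for d in c2_domains}
    host = urlparse(payload_url).hostname
    if host:
        domains.add(host.lower())
    return domains


def host_matches(host, indicators):
    """True if host equals an indicator or is a subdomain of one.

    Matching on a label boundary avoids false positives such as
    'notmorhej02.top' matching 'morhej02.top'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in indicators)


def scan_log_lines(lines, indicators):
    """Scan constructed 'key=value' log lines for indicator contact.

    Checks the 'query' field (DNS), and the 'host' and 'url' fields
    (proxy). Returns a list of (line_no, field, value) hits.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        for key in ("query", "host"):
            if key in fields and host_matches(fields[key], indicators):
                hits.append((n, key, fields[key]))
        if "url" in fields:
            h = urlparse(fields["url"]).hostname
            if h and host_matches(h, indicators):
                hits.append((n, "url", fields["url"]))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOGS = [
    "ts=2024-12-24T17:30:01Z type=dns client=10.0.0.5 query=www.example.com.",
    "ts=2024-12-24T17:30:02Z type=dns client=10.0.0.5 query=cipyfo25.top.",
    "ts=2024-12-24T17:30:03Z type=proxy client=10.0.0.5 url=http://sahbog02.top/download.php?file=acheta.exe",
    "ts=2024-12-24T17:30:04Z type=proxy client=10.0.0.5 host=cdn.morhej02.top",
    "ts=2024-12-24T17:30:05Z type=proxy client=10.0.0.5 host=notmorhej02.top",
]

if __name__ == "__main__":
    iocs = build_indicators(C2_DOMAINS, PAYLOAD_URL)
    for hit in scan_log_lines(SAMPLE_LOGS, iocs):
        print(hit)
```

Run against the constructed lines, the matcher flags the DNS lookup of `cipyfo25.top`, the payload download from `sahbog02.top`, and the subdomain `cdn.morhej02.top`, while leaving the look-alike `notmorhej02.top` alone. In production the same `host_matches` check belongs on DNS resolver logs, proxy logs and Zeek `dns.log`/`http.log` alike, since the first sign of a CryptBot infection is usually the payload fetch rather than the later C2 beacon.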

Targets

    • Target

      Setup_32x_64x.exe

    • Size

      785KB

    • MD5

      fa388cb487e6a30efc90df8d6a54b430

    • SHA1

      3707474e14ba8df589682edf4e6a1cf020ce9862

    • SHA256

      17f6a6c407112e236586d078a77bef0947bdae149bf8c6e025bd9d0c479f0e3f

    • SHA512

      92bee7c92a451cb1ad06a8ca1f634a7c8d4aeb340fb70129d337b8ea3797df73bdf45bcf49fc38d36a80f034a62ce25029bf639199cb3815499ac9e7c2e81c29

    • SSDEEP

      12288:oU2JEwzrwsblKWWG6YDsLViPaPr5RpGJ/zs87GSu:cqGrwsbNnDsLViCPrISIu

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials and cookies.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks