General
Target: JaffaCakes118_ba160d4beb7afd708071afae7cbdd753e15b43f4472050b0ea1820f54c39c2c2
Size: 357KB
Sample: 241224-vn4fhasmfv
MD5: ea1d47ce481a8b9b8fd3b1a2bbea1ab6
SHA1: 6520c1b11047bf0c51d452d11dcc149ef1522261
SHA256: ba160d4beb7afd708071afae7cbdd753e15b43f4472050b0ea1820f54c39c2c2
SHA512: e4ca373b068cc7a9720b7e48ad1bb21167d80e082f6f47fa3e38cfa5fe90b6ecd3258cc5a3da0140100c62bf7564a5dbb7721d24f0e4c7682b48cee3884906d4
SSDEEP: 6144:R4HPvDK+O2fZXNYHkEFty1VMYRpcedsv4qbdSxfzUHut24A2DYd:g++vfZXGny1V/pxCAq0xfzUHuA
Static task: static1
Behavioral task: behavioral1
Sample: Setup_32x_64x.exe
Resource: win7-20240903-en
Malware Config
Extracted
cryptbot
cipyfo25.top
morhej02.top
payload_url: http://sahbog02.top/download.php?file=acheta.exe
Targets
Target: Setup_32x_64x.exe
Size: 785KB
MD5: fa388cb487e6a30efc90df8d6a54b430
SHA1: 3707474e14ba8df589682edf4e6a1cf020ce9862
SHA256: 17f6a6c407112e236586d078a77bef0947bdae149bf8c6e025bd9d0c479f0e3f
SHA512: 92bee7c92a451cb1ad06a8ca1f634a7c8d4aeb340fb70129d337b8ea3797df73bdf45bcf49fc38d36a80f034a62ce25029bf639199cb3815499ac9e7c2e81c29
SSDEEP: 12288:oU2JEwzrwsblKWWG6YDsLViPaPr5RpGJ/zs87GSu:cqGrwsbNnDsLViCPrISIu
Cryptbot family
Deletes itself
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.