cryptbot | bca6214f39e91508f64c1418cd353b7da0245c64f97e40dee305fe6b7af7c577 | Triage

Submit
Reports

Overview

overview

Static

static

3

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_bca6214f39e91508f64c1418cd353b7da0245c64f97e40dee305fe6b7af7c577
Size

1.7MB
Sample

241225-gk41zazjbw
MD5

07d0d8d2d82888fba80b9f96ffd543f3
SHA1

b00a01d48ea5ec316e50eae806dd0f56e74f7d3e
SHA256

bca6214f39e91508f64c1418cd353b7da0245c64f97e40dee305fe6b7af7c577
SHA512

afc70e1d457ba63ef8911e410a07d02ab35174c738dc0a57bf7976e9c932cc7fb6df459ca59d2fe7d7da2b65365f5ede689871e1e77642fe15fa082def45a27d
SSDEEP

49152:zQmn5tFLzDGu/oWBi0UdDzt4hGLO86psVbLK:cS5/DQci0Gzt4hGd4sVLK

Score

10^/10

cryptbot discovery evasion spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20241010-en

cryptbot discovery spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20241007-en

cryptbot discovery evasion spyware stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  Setup.bin
- Size
  
  1.7MB
- MD5
  
  2823d9eef3511031b57d8bec7fb743a1
- SHA1
  
  d2d4957eefe95ac4d9646104004b9fac44396fcd
- SHA256
  
  e502363c54e70b24779cae4ca1b82a66178ec0f2e7f9825c55090f0b13352431
- SHA512
  
  e356364fb8ae46e2a8ec924d88b039d0450ffb60190d02b3687e58e63dbe73ebbe14834b7b7493c059edf24910664c4306dddee71263cb96601ab9cb8e26ad01
- SSDEEP
  
  49152:P5+hFBYqALFHGk3r2Hcmojw+hlI210cocdi6lf5Lc:P5aFmHtJdhb1nogRfLc
Score

10^/10

cryptbot discovery spyware stealer evasion
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot payload
- Cryptbot family
  cryptbot
- Blocklisted process makes network request
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

behavioral2

cryptbotdiscoveryevasionspywarestealer

© 2018-2025

Terms | Privacy