cryptbot | 1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f | Triage

Sharing

General

Target

JaffaCakes118_1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f
Size

3.6MB
Sample

241225-p5alvstlfm
MD5

f384d8f765bf731b24f65e624cf3bb9f
SHA1

a4e076c523d90b3138a1f30724941705ccad66b1
SHA256

1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f
SHA512

4400d63c0c563d1d928954592d6cbf687de7aa3845031e04b97947d981945a548dc913f1e8779fab83744919bd003086e17cdbda571ec9a39081cdf941d5e516
SSDEEP

49152:8EfM6VudS4seS0o/OOdGN/RvQ4Zz7Xqu+kHSePJFArmWSmTWLvSfNIuL:8EkW6YCH9NHSePJFEmWWSf

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

C2

veosgv17.top

morysl01.top

Attributes

payload_url
http://tyngle01.top/download.php?file=lv.exe

Targets

- Target
  
  JaffaCakes118_1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f
- Size
  
  3.6MB
- MD5
  
  f384d8f765bf731b24f65e624cf3bb9f
- SHA1
  
  a4e076c523d90b3138a1f30724941705ccad66b1
- SHA256
  
  1d49c380b52456c5e5e3c17f77e30f755998eb239c9cb272d52f9db37744e06f
- SHA512
  
  4400d63c0c563d1d928954592d6cbf687de7aa3845031e04b97947d981945a548dc913f1e8779fab83744919bd003086e17cdbda571ec9a39081cdf941d5e516
- SSDEEP
  
  49152:8EfM6VudS4seS0o/OOdGN/RvQ4Zz7Xqu+kHSePJFArmWSmTWLvSfNIuL:8EkW6YCH9NHSePJFEmWWSf
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer