cryptbot | 2196-528-0x0000000000CE0000-0x0000000001944000-memory[.]dmp | Triage

Sharing

General

Target

2196-528-0x0000000000CE0000-0x0000000001944000-memory.dmp
Size

12.4MB
MD5

22315ad59d104cb2ef17edb5d4281104
SHA1

9646c59ac453ed8a58d60885ca16a522cba517ca
SHA256

76c09aff2ae3b8a89a5cdb90fbc642a45573f9c6cf1348959bee7b2b3725e8f2
SHA512

b79f26834b36ec2429560aa968e0c8c9f8618dd7f2aecd6d94cb49915825a336b3bbddb89ab7a27d160f05db297d038cc346668764391e4a7c730b147930e16a
SSDEEP

98304:E0mUM7L2Bc07DYsWXbK57K62QMRR4lA0AWNftVv2V7dm9D/4ija7X9D1C:dSqP/F73ftVOV7s9laphC

Score

10^/10

spyware stealer cryptbot

Malware Config

Extracted

Family

cryptbot

Signatures

Cryptbot family
cryptbot

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2196-528-0x0000000000CE0000-0x0000000001944000-memory.dmp

Files

2196-528-0x0000000000CE0000-0x0000000001944000-memory.dmp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 2.5MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aqvtbplo
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fixzxdaf
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE