cryptbot | ec6e099f84fbabe87d76bdfd35ddfd5b152a7cfe76b486d51037bb36d85934bb | Triage

Sharing

General

Target

JaffaCakes118_9176ab071ba35a4ff8c40b9f384f90b0
Size

416KB
Sample

250108-hm8yda1mcj
MD5

9176ab071ba35a4ff8c40b9f384f90b0
SHA1

b8e2e28f7fad66250010c9e7d0f8c0b72e437ded
SHA256

ec6e099f84fbabe87d76bdfd35ddfd5b152a7cfe76b486d51037bb36d85934bb
SHA512

14fda489e409cfbbbb20b5b0147b9b6aa2a2931ce098e27404d5725dc83e16c978d8e777f3ef4c8bba67fc8668a0d55a3a65a73ed4bc47a1081391b6222577e8
SSDEEP

12288:suGaGJ8PJd5cBUvoD+e/i2Nse4UpdQyxTl4KlS+T:s6CoJbcB9i3erxTl4

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

C2

cemnba72.top

morvuy07.top

Attributes

payload_url
http://bojpyv10.top/download.php?file=lv.exe

Targets

- Target
  
  JaffaCakes118_9176ab071ba35a4ff8c40b9f384f90b0
- Size
  
  416KB
- MD5
  
  9176ab071ba35a4ff8c40b9f384f90b0
- SHA1
  
  b8e2e28f7fad66250010c9e7d0f8c0b72e437ded
- SHA256
  
  ec6e099f84fbabe87d76bdfd35ddfd5b152a7cfe76b486d51037bb36d85934bb
- SHA512
  
  14fda489e409cfbbbb20b5b0147b9b6aa2a2931ce098e27404d5725dc83e16c978d8e777f3ef4c8bba67fc8668a0d55a3a65a73ed4bc47a1081391b6222577e8
- SSDEEP
  
  12288:suGaGJ8PJd5cBUvoD+e/i2Nse4UpdQyxTl4KlS+T:s6CoJbcB9i3erxTl4
Score

10^/10

cryptbot discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer