Overview

overview

10

Static

static

3

Set-up.exe

windows7-x64

10

Set-up.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    #~△~!Late$t_SetUP_-▽9192▽_~PA$Sw0rd$$~oPen~△~#.rar

  • Size

    21.6MB

  • Sample

    250128-q8d9wstman

  • MD5

    ae4e9ce17338b5afd583ef5890bb2b0d

  • SHA1

    08bab1f6b0ad1338e1e487ab6dec13f677252355

  • SHA256

    614f61870a8a952f8c44ac3b8de942c0980785a6d3fa3d2edcdeb2795bd0d94a

  • SHA512

    d114c16abcde2d9c32cb46dbcd8e01f456bed56d8b174aa15c300b50895c6a8eace3d5e6d04bed409b1a63339ae015dd3b404aa4302a85c59665a311c3aad3aa

  • SSDEEP

    393216:F4OeVUZgAoZblJuCJ5WuvyHqiEVp4WJjBlYOmxCErPUNRZGWEyqBVG:F4OeeGA+v3JwuvUqDVhjBYCd/Z6VG

Score
10/10
cryptbotdiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

ninetgh19sb.top

Attributes
  • url_path

    /v1/upload.php

Targets

    • Target

      Set-up.exe

    • Size

      6.4MB

    • MD5

      682bb44ad35cae0ba8fc96ed3bde9c0e

    • SHA1

      7d5a5db900e6489c28979d7d0d5cf7da7b33349f

    • SHA256

      5465b6313f46a6c5c35b250cdeb25d47526f9725b9b1ccd4d2567c891cb94887

    • SHA512

      21504c64481e59079c0b35314b89446cdec1f1e1bdefb9bf05f27faf1cd3be5b87e16a635deb689d5c87436ee3c2b890215dfe3503fe157c57e4256abb0b1d73

    • SSDEEP

      98304:Y1fJzNiaJgrzQfD98nrTNedCB8TcXXJuek8T:Y1xzNnJgIGTgEBawZe8T

    Score
    10/10
    cryptbotdiscoveryspywarestealer

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Cryptbot family

      cryptbot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks