Overview

overview

10

Static

static

10

start-this-970.exe

windows10-ltsc 2021-x64

10

start-this-970.exe

windows11-21h2-x64

10

start-this-970.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    start-this-970.exe

  • Size

    6.7MB

  • Sample

    250208-t5z9qswrhq

  • MD5

    ab8fb3d427509b37c89ffe0fbbc57d38

  • SHA1

    b32875a7faff727fc4fe55f41dc0c7e008121206

  • SHA256

    edf2c8f079ea86db42b12764171511feadcfb170839dd1b2af48b408e9b75121

  • SHA512

    6664b54f1f70b6f76e26937a86ac79063e6c1fb56e05c20b95f4907370bd0475c21bc5793d46d469220c3855a31b104e7af1fe9b8b09fabcc2b5847cbd528d4e

  • SSDEEP

    98304:+xeYKidEXPSBbcjugDZAvaR9KA1bARKIyz8G:p06qquQBgGARLG8G

Score
10/10
cryptbotdefense_evasiondiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

http://home.fivepp5vs.top/okiTYPLyKWYZPZSDUdDR17

Targets

    • Target

      start-this-970.exe

    • Size

      6.7MB

    • MD5

      ab8fb3d427509b37c89ffe0fbbc57d38

    • SHA1

      b32875a7faff727fc4fe55f41dc0c7e008121206

    • SHA256

      edf2c8f079ea86db42b12764171511feadcfb170839dd1b2af48b408e9b75121

    • SHA512

      6664b54f1f70b6f76e26937a86ac79063e6c1fb56e05c20b95f4907370bd0475c21bc5793d46d469220c3855a31b104e7af1fe9b8b09fabcc2b5847cbd528d4e

    • SSDEEP

      98304:+xeYKidEXPSBbcjugDZAvaR9KA1bARKIyz8G:p06qquQBgGARLG8G

    Score
    10/10
    cryptbotdefense_evasiondiscoveryspywarestealer

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Cryptbot family

      cryptbot

    • Enumerates VirtualBox registry keys

      defense_evasion

    • Downloads MZ/PE file

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks