Overview

overview

10

Static

static

10

start-this-822.exe

windows7-x64

10

start-this-822.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    start-this-822.exe

  • Size

    7.3MB

  • Sample

    250208-vb8vfsxlgj

  • MD5

    e679f9c1e2e187bc712ec3b83c6c2347

  • SHA1

    375793e3d8c49187cc3ae4e89d2ffe8d0eb82112

  • SHA256

    7f1866e114a151362b538758b913a10dc2f9096694ed92aba0f9ccc062c95975

  • SHA512

    6fe19de8e95e1b8735b3439dff660f41ecb5e410722ac7c262f378527cdd6704122e74dcc9544fc22204a91fa8ea97a53630b363731939b00f082c68ea1dd65a

  • SSDEEP

    49152:8e8hlel6VgC3pdHE+sc/b1woQytiXXcv6PPMf9P7WEg3TNytXW/hsE6u/Kob6UyR:8/S6VxdkwbKoDtWcCPUFTWDYuKnyz83

Score
10/10
cryptbotdefense_evasiondiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

http://home.twentpp20vs.top/DiBdPbvuEcmcmIPLLqMm10

Targets

    • Target

      start-this-822.exe

    • Size

      7.3MB

    • MD5

      e679f9c1e2e187bc712ec3b83c6c2347

    • SHA1

      375793e3d8c49187cc3ae4e89d2ffe8d0eb82112

    • SHA256

      7f1866e114a151362b538758b913a10dc2f9096694ed92aba0f9ccc062c95975

    • SHA512

      6fe19de8e95e1b8735b3439dff660f41ecb5e410722ac7c262f378527cdd6704122e74dcc9544fc22204a91fa8ea97a53630b363731939b00f082c68ea1dd65a

    • SSDEEP

      49152:8e8hlel6VgC3pdHE+sc/b1woQytiXXcv6PPMf9P7WEg3TNytXW/hsE6u/Kob6UyR:8/S6VxdkwbKoDtWcCPUFTWDYuKnyz83

    Score
    10/10
    cryptbotdefense_evasiondiscoveryspywarestealer

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Cryptbot family

      cryptbot

    • Enumerates VirtualBox registry keys

      defense_evasion

    • Downloads MZ/PE file

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks