Overview

overview

10

Static

static

10

whiteshadow123.exe

windows7-x64

10

whiteshadow123.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    whiteshadow123.exe

  • Size

    7.6MB

  • Sample

    250209-wzkcfaynbk

  • MD5

    53d48938c0ec850eb316cf433ecfc045

  • SHA1

    4415a85e1376c1a8f6661a2cc9d23ec06557d176

  • SHA256

    f63f7d8db3ae8ed7448672263cf9333e8b867bdba7a30d73cf3966cfd8a8a909

  • SHA512

    21a69b5969f95e4dfd404e6c415ec502282f4e54aa73c0752a29af52bdbf603837ddab640bca47c317f391f91a5f60818d5f06662c600f5e01e43e2473408c99

  • SSDEEP

    49152:fzHJcgg9WcnmdpY+RQCcUVTTyXcrlogXIu9zt8e1fW8hu4ARsmK2bOAPyz8bWP8y:fzSmcnJ+GKtGcRosIUz1SrKkyz8w

Score
10/10
cryptbotdefense_evasiondiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

http://home.twelve12vs.top/AvWHJxAVCxPehbRictmJ10

Targets

    • Target

      whiteshadow123.exe

    • Size

      7.6MB

    • MD5

      53d48938c0ec850eb316cf433ecfc045

    • SHA1

      4415a85e1376c1a8f6661a2cc9d23ec06557d176

    • SHA256

      f63f7d8db3ae8ed7448672263cf9333e8b867bdba7a30d73cf3966cfd8a8a909

    • SHA512

      21a69b5969f95e4dfd404e6c415ec502282f4e54aa73c0752a29af52bdbf603837ddab640bca47c317f391f91a5f60818d5f06662c600f5e01e43e2473408c99

    • SSDEEP

      49152:fzHJcgg9WcnmdpY+RQCcUVTTyXcrlogXIu9zt8e1fW8hu4ARsmK2bOAPyz8bWP8y:fzSmcnJ+GKtGcRosIUz1SrKkyz8w

    Score
    10/10
    cryptbotdefense_evasiondiscoveryspywarestealer

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Cryptbot family

      cryptbot

    • Enumerates VirtualBox registry keys

      defense_evasion

    • Downloads MZ/PE file

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks