General
-
Target
5c41a08eabd0556a0f493ef5b1554437a15880a8da4fa9290eca5b5f1e91a975.zip
-
Size
217KB
-
Sample
250326-d39gmazpx2
-
MD5
e9498c5a5bb6302dd8466bd6543292bf
-
SHA1
0d868e9641771866a225f7265477b74adddd7098
-
SHA256
5c41a08eabd0556a0f493ef5b1554437a15880a8da4fa9290eca5b5f1e91a975
-
SHA512
8a2b6d1c6add5a8f899aa1f7b53300e6df5048915fbab731c519f8f0ece15fcd32bfa3bdf735fa30a61a88655ceb54a956847b1620185e69b60dc38ea96e2875
-
SSDEEP
6144:zF4Vc2gHbX8+I5viMXxtG7YQu47+M2D8OKHeS:54VkHbM/i0uuULY1KHf
Malware Config
Extracted
cryptbot
befyum42.top
morkoe04.top
-
payload_url
http://mindoi05.top/download.php?file=lv.exe
Targets
-
-
Target
6dbc5053ef73f361771e017473f9d53b9df951cc9e0f1d31e1218033160f2b5a.exe
-
Size
361KB
-
MD5
724e8026fcd687cbd7808408ffbdd3ab
-
SHA1
d9243d3b0aa7a8d6b58b7f6f7065c9e55d4fcb34
-
SHA256
6dbc5053ef73f361771e017473f9d53b9df951cc9e0f1d31e1218033160f2b5a
-
SHA512
28b183e5b55f2e6d57d33b571119400f149910077156b5ecd46cef95b6b6ec1e449bba05f4e2a61948d2ea55b667982e0b8a7e2f339ef7c7ac1f34fe437fc6a3
-
SSDEEP
6144:haYcHyGtkpjwwj9azy/DcWWrktaxJwPR3:gTHXt279+y/DcWWrFxJM
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
Cryptbot family
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-