Analysis
- max time kernel: 147s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20250314-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/03/2025, 07:00

Static task: static1
Behavioral task: behavioral1
Sample: 131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe
Resource: win7-20240903-en
General
- Target: 131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe
- Size: 305KB
- MD5: 4309f4b4bb455f998d1fdf310cd83484
- SHA1: 4ee10072d4dff28efcd64d8dcd631760868d644b
- SHA256: 131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1
- SHA512: 3d730ec6e3b385a69fa62634f4776e98327bc8f5da6330b109d3de5b37339dcb97cf9bf489c548de23f6ff71b115e921d5179cf2606eba61783851462ba807bf
- SSDEEP: 6144:zWmk/wokUNpuDoAVUx99rpABXHxjdgwJids6m+8suhyiP:NswuNpQv299rpAVHxJgw0dsp+dTiP
Malware Config
Extracted
- cryptbot
- befqlo52.top
- mortos05.top
- payload_url: http://mincir07.top/download.php?file=lv.exe
Signatures
- Cryptbot family
- Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: 131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description: Key opened
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  Process: 131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
  Process: 131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe"
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  PID: 3808
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 50KB
  MD5: e30e3072d60e0bf9b06ee0eea756f583
  SHA1: 04a0acd7d0007ecb1df30952937993b9aa6660d5
  SHA256: 096b598c3436b0cae479fae5758365e54350d604374e23e20c8ab39145392356
  SHA512: 646aafc30747e27055f71bd99a35c902bd110d14fa1dd538761df7bff95c97528bc11d1ad8bd33bb20d9cfd7522c0d34ca2c5f7d4e52cdc3878ae09134936f90
- Filesize: 2KB
  MD5: 4096e5d8ff73b06c01c040880de160c7
  SHA1: d276b490c7852b674e8fec127bdadd0cbb7e2497
  SHA256: 5011058c2c2eacba429cf3d39ac0a0049cc4d4b6e006e48c1732fad5db58208f
  SHA512: 70d08892cb1df62869f6f3e8283866abd1120a7bd1b39b84bba9f495c814e51038e46bea5cdc2994daf6a3911cadb2f9adf38a4531fb877d4ad54092c23e1013
- Filesize: 2KB
  MD5: 2fad4b84c7bff220d63d60d72b49de86
  SHA1: 7cccba807cf8b9c5cc0455e3c972c6e34b4c7b2d
  SHA256: 1276f3f4b3f2b7eb1f49c6de2fa149194ed42ca76f32a2bf23b542d1365eae25
  SHA512: d2643507f8866c1413fba50c8f4aa389d494af711c57e809660f9d2c809595b716b0f9387e516ed8de684ef22ed5298d3313b69fdfc85aefdfc805693b2a50cd
- Filesize: 4KB
  MD5: 94939def44eacd4d52451d6c64da8657
  SHA1: 8429d30e1d455f1cd27097e25ca11dfb56645b6b
  SHA256: a77f2abebe1cd28a631198d52d4ae4d5a627ce090e348587690b5f374fc17bf1
  SHA512: cbbda497f649661d6e4a360ee17bac423464f78c3af4d513942a3e8cdba824648eba40f79c0b68f826c28816d6dee7c23764465175c5f8a90a0514656f34c065
- Filesize: 55KB
  MD5: c9b393fb58dc9c3cd6fd9bfef5a18f2b
  SHA1: d64f1f3f2d95b0748a5248a06852713685b33239
  SHA256: ac9fbc83cad0f131866dd1d2c8612d271bec8f60f00d52a0f58cfcd9399197b1
  SHA512: 55cc9993bce6dd411eef47a48a387534b6ab8ff10f8ef29c4af3de76985ed4087325c57a422abe93a54088b0e28546d41d8a40d50a7c340faef51427bf40fc3b