General
-
Target
c3c559e832052bbf33f52f6f8b0ff086
-
Size
701KB
-
Sample
240312-tgrmpafb85
-
MD5
c3c559e832052bbf33f52f6f8b0ff086
-
SHA1
23477b75572d17b1d47b9670862aa174fb55d166
-
SHA256
838edfe6cbf7b8fb1f0d3d99535f15ef22b651fa82a9f31a50c3cae435a0af0c
-
SHA512
2a1e3e9676b103d23947b2271059f59f0bd71559071805f8650c6a27168016cff791ec3c7f2102740b1e1b9a6c5f34775a9a58d2ae3215f9bf386827d9da4583
-
SSDEEP
12288:2mSxZQAOMrb0dAmfaRyCeBroJrL4ydQGgjSRClCgABPAi:2mPAOMcd2y5Z6rL4v59QBPA
Static task
static1
Behavioral task
behavioral1
Sample
c3c559e832052bbf33f52f6f8b0ff086.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
smauvo62.top
mortuh06.top
-
payload_url
http://gurswi09.top/download.php?file=lv.exe
Targets
-
CryptBot payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-