General
-
Target
ca2a0cd08981d9fe400184a043bf531d
-
Size
663KB
-
Sample
240315-b6tjgade6z
-
MD5
ca2a0cd08981d9fe400184a043bf531d
-
SHA1
3461b552394b7985cae6f726451487454155cd94
-
SHA256
3b4d029184db5bdfd6185f67c08573dcac79eeb6462ecaceaa6327b78e70687c
-
SHA512
08e3c62f188b31241e87f6e0d44d76d1d45f810089a0a9b9c522fc614264264053be67392cec59784e1433d9db7eddda5699742a91625fb77b518149be8cc72e
-
SSDEEP
12288:51pkqdfZJm9pCess+P6o0d1jablVVJI5Mwg62meTWe7SIMP5Q:5hk9pCeZvAhIywghae7YS
Static task
static1
Behavioral task
behavioral1
Sample
ca2a0cd08981d9fe400184a043bf531d.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
ewawtm26.top
morzup02.top
-
payload_url
http://winqoz02.top/download.php?file=lv.exe
Targets
-
-
Target
ca2a0cd08981d9fe400184a043bf531d
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-