General
-
Target
cd1cff7553dd48bdc1bcf23e79ae3209
-
Size
543KB
-
Sample
240316-e5ewgaca2w
-
MD5
cd1cff7553dd48bdc1bcf23e79ae3209
-
SHA1
a20239f589de9263c288ad7f99ebf6dc0cb67e7a
-
SHA256
fc2e1b326c66c81a9d3665789981cfe33080c2975a93b8a04e4a7e16b6d86276
-
SHA512
cd6f05a438521ca52a2ba1c7a5d3dcace3100a0d10e83935bca216af7f42666d75ada987b2e3e1d9dc89fc5a709116dfec6e42e14e4cbeab5a8c39d71ca1f04d
-
SSDEEP
12288:aIiqXh6Wn3eBytWoH6OuvNeQKyfArLNCeLH198+Vh4yPEWq8RfRJ298:aIiHW3eHo2v3XIwejXh4Rn8Q98
Static task
static1
Behavioral task
behavioral1
Sample
cd1cff7553dd48bdc1bcf23e79ae3209.exe
Resource
win7-20231129-en
Malware Config
Extracted
cryptbot
knuxua32.top
mornui03.top
-
payload_url
http://sarpuk04.top/download.php?file=lv.exe
Targets
-
-
Target
cd1cff7553dd48bdc1bcf23e79ae3209
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-