General
-
Target
cf71ab0bd18cc435f523a4b4689dd151
-
Size
1.4MB
-
Sample
240317-ajzxasaa2v
-
MD5
cf71ab0bd18cc435f523a4b4689dd151
-
SHA1
298d1a328a750806c98e15d77311d8b13f1e33b2
-
SHA256
96a7c960b4cbfd923362ec7f79fd3f115db97633d6612c55ae8a1365db134405
-
SHA512
58b0dd649c761ae468d5687427c8cd71b8c5f0829c750927e66e11a52637a0de3626a6beba5df0ace6e2c53df6454c83ebd070d0e9dfc123a427c574cb5db7b8
-
SSDEEP
24576:CamFPKGsh4Adtcbi4IuxcriRO5QEST3jQLttKUUsbO4hH1tyt00K4vTd+TGtMl:uPVq4biYcriRO5rST38LfHblH1tytE40
Malware Config
Extracted
cryptbot
haijys18.top
morhas01.top
-
payload_url
http://zelcax01.top/download.php?file=lv.exe
Targets
-
-
Target
cf71ab0bd18cc435f523a4b4689dd151
-
Size
1.4MB
-
MD5
cf71ab0bd18cc435f523a4b4689dd151
-
SHA1
298d1a328a750806c98e15d77311d8b13f1e33b2
-
SHA256
96a7c960b4cbfd923362ec7f79fd3f115db97633d6612c55ae8a1365db134405
-
SHA512
58b0dd649c761ae468d5687427c8cd71b8c5f0829c750927e66e11a52637a0de3626a6beba5df0ace6e2c53df6454c83ebd070d0e9dfc123a427c574cb5db7b8
-
SSDEEP
24576:CamFPKGsh4Adtcbi4IuxcriRO5QEST3jQLttKUUsbO4hH1tyt00K4vTd+TGtMl:uPVq4biYcriRO5rST38LfHblH1tytE40
Score10/10-
CryptBot
A C++ stealer distributed widely in bundle with other software.
-
CryptBot payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-