General
-
Target
d3e676f57cdeceb6e2f4ce5c9d6895f4
-
Size
557KB
-
Sample
240318-s92gxscd49
-
MD5
d3e676f57cdeceb6e2f4ce5c9d6895f4
-
SHA1
ab18669a32c775d1b60f0891fcc9a45bd6e292ea
-
SHA256
026e42a47493a56d424727c2c795eed50df85924e56d97cefabbe3bbb56897c2
-
SHA512
9e1526b16be20dce00fe6458641c2ce5b4421de2cc3d7084c418dc6908b25b08f1d9afae79979122f55440e8f9318e0742dfea78f4446ece30b5ea7d2f963e00
-
SSDEEP
12288:++VqW+1ZvHg3VrWvAhGMkPwlKMO/oHFdKTArloOYi:+JXHOia7kYlbrKTARwi
Static task
static1
Behavioral task
behavioral1
Sample
d3e676f57cdeceb6e2f4ce5c9d6895f4.exe
Resource
win7-20231129-en
Malware Config
Extracted
cryptbot
lysano52.top
morecj05.top
-
payload_url
http://damyeb07.top/download.php?file=lv.exe
Targets
-
-
Target
d3e676f57cdeceb6e2f4ce5c9d6895f4
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-