General
-
Target
de75c9017b6fdd5828f4a35a695315eb
-
Size
557KB
-
Sample
240325-t6gh1sda99
-
MD5
de75c9017b6fdd5828f4a35a695315eb
-
SHA1
bf56f57bb177b06d4e753e4fc90c3058373ee856
-
SHA256
1a91d549b5e7514f60f5c1c6c2f79d9193397f17b63aa3b5713d161eb715f90d
-
SHA512
476143fcb06113b18c0f792112e08b5cabb69d4d5163384826bcd6683cd648172ccea9d282fde98b7f49227d6d43c10bd4a0a73381511c8081b36943a35df030
-
SSDEEP
12288:/+VqCuDL0MP6QVpIbu9go/veTCVo6hzJ1P45WO3i:/JCmNJISiun66545ti
Static task
static1
Behavioral task
behavioral1
Sample
de75c9017b6fdd5828f4a35a695315eb.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
lyspoh51.top
morecj05.top
-
payload_url
http://damyeb07.top/download.php?file=lv.exe
Targets
-
-
Target
de75c9017b6fdd5828f4a35a695315eb
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-