cryptbot | e366497c19208fe45bd04dd3d83f4ec71108b2cefeb4fdaeb60e139743c8bb40

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2024 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0aa3cc98fae581989a1d69e57072983f_JaffaCakes118.exe
Size

373KB
MD5

0aa3cc98fae581989a1d69e57072983f
SHA1

03021b6bf23e45c1347ac4218bd6779c13cab6e0
SHA256

e366497c19208fe45bd04dd3d83f4ec71108b2cefeb4fdaeb60e139743c8bb40
SHA512

38af56fad8cd899fea9485c40060a5f18a56042c4ecee8c2482cd54bc5724986ae2d8846eb52a3d91e9e637c6ee211bf94b3b8a3f0d6d5090f6155f59282d03f
SSDEEP

6144:7x/0+kiruab/C8fEjlb5rh7o18WIdLGhixXBpqX7tNfVXVHQLIiu8cfo0/pW:7N0+tuabFulbdIpIdCoxXTwZGEX8cA0U

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

veoqkb22.top

morpib02.top

Attributes

payload_url
http://tyncel11.top/download.php?file=lv.exe

Signatures

CryptBot
A C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

0aa3cc98fae581989a1d69e57072983f_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	0aa3cc98fae581989a1d69e57072983f_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	0aa3cc98fae581989a1d69e57072983f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0aa3cc98fae581989a1d69e57072983f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0aa3cc98fae581989a1d69e57072983f_JaffaCakes118.exe"
1⤵
- Checks processor information in registry
PID:4512

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rfsdbjaJvNLRs\HOjICucxSmQk.zip
Filesize
540KB

MD5
a8eeb42b136a62b71df67003708d6028

SHA1
3a1b7442d136e8ea9313f67ca6d10f614aa6fd5b

SHA256
105b9c51dc43de093f560c9decf6b70faabd49a9f0b745b794cfd55335c7c36b

SHA512
6fe2db45d554daab8e7693602fafd40d8120e04045faf1d90bd8bf2779d751b1871b61557637b664e82beaed830eb9dd1d0259a52baf676f6490d72c04517b8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\rfsdbjaJvNLRs\_Files\_Files\InstallSync.txt
Filesize
488KB

MD5
88eb46cfbd698c221447a500302beb9b

SHA1
aa72fd63b785dd042698290aca44db35806c54bb

SHA256
4f423fb44331d6064ceb90668d75c15fb5caf9100e31e967c82452c5dabed05a

SHA512
a3f047c326964f267b9caeee3f14546a9cb0827c3eef1ada9cd1cdf4520ec08cbbbb7c05581a4bd4595dc5338925ea6be058a37e243b8852fd960a4502b44eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\rfsdbjaJvNLRs\_Files\_Information.txt
Filesize
1KB

MD5
eb39a13850e3f0b3d01db929afe4d832

SHA1
efb6ce5b56fe21d117f1a04705c9adebe0042641

SHA256
36f2ed7ab0ce2c76ac8a4a88c01ddcefcad360763089380f1b597ef8c78d1810

SHA512
b95b317dcfa63959afe417f19bdb5d941fcd14a9671c41b9fa9cf6e03021f1bd2740e0149cd16e184bbec90c46c2c2875387dcfa5bc276da400dac45ee25863f

Download Submit
C:\Users\Admin\AppData\Local\Temp\rfsdbjaJvNLRs\_Files\_Information.txt
Filesize
7KB

MD5
b90555d3b16b3cf04c254d71d39e678b

SHA1
0a70962ba066f72d305bb24a8faa8da99d993ace

SHA256
67c20ffb04446ad9742d8d1efff47fe281f2f83502904a678e2f70587ac7e484

SHA512
e9552db5d2eb74e18cbb9cfb3f2b7fad4d15ceabd89ed22cc23770e74c8bd54f04f73b19bc95697b11e5811e4e34762130237ec9b946e73c57442a89950fc465

Download Submit
C:\Users\Admin\AppData\Local\Temp\rfsdbjaJvNLRs\_Files\_Screen_Desktop.jpeg
Filesize
57KB

MD5
b7b2e6d7759e793f4d615a13035ce2f1

SHA1
b43c94fb44b1fb3bae05b2dac9976228b84110d7

SHA256
e635d415097651b20e04cb6e75a2f2c0ea9d166740271412a7754b0197f07b1d

SHA512
b48051d51cc1ab8efe53c15b47e13b2a82aad9f1b4ab2b5295c57d000cc5fe2bf7e93d630abedb6d688e67158ff4ea0d4e1299cf0ea5f20e0cb594f03129ff07

Download Submit
memory/4512-124-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-131-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-3-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-119-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-122-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/4512-123-0x0000000004C70000-0x0000000004CB5000-memory.dmp

Filesize
276KB

Download
memory/4512-2-0x0000000004C70000-0x0000000004CB5000-memory.dmp

Filesize
276KB

Download
memory/4512-1-0x00000000032B0000-0x00000000033B0000-memory.dmp

Filesize
1024KB

Download
memory/4512-127-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-113-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-134-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-137-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-140-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-144-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-148-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-151-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-154-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-157-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download
memory/4512-161-0x0000000000400000-0x0000000002F25000-memory.dmp

Filesize
43.1MB

Download