cryptbot | fc79c3c3b0d705e0648d493c8aac851f40fcf8dc2cacdc163f9cc237dc821255

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22dccb5bba83abd89502fafda108b0ce_JaffaCakes118.exe
Size

422KB
MD5

22dccb5bba83abd89502fafda108b0ce
SHA1

b1398ba3766f4514cc039de8cb5142fe67572c27
SHA256

fc79c3c3b0d705e0648d493c8aac851f40fcf8dc2cacdc163f9cc237dc821255
SHA512

92bd11b940f02892254227f9c7ed3b241449af6d19e64646121f418a105f7310cf39fada199a92daf06a0f7a184c65d768e13f1fd6f851db85b9acaefd8537fb
SSDEEP

6144:xLIiVgoGRuKEpcHCTavdmnulKg+z89Hu2cP0gzUE4rzxD1T3BxiXna:jurfEpciTaVHX+z0HbTgzUdrzXT3Bxs

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

befhns72.top

moralv07.top

Attributes

payload_url
http://minets10.top/download.php?file=lv.exe

Signatures

CryptBot
A C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

22dccb5bba83abd89502fafda108b0ce_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	22dccb5bba83abd89502fafda108b0ce_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	22dccb5bba83abd89502fafda108b0ce_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\22dccb5bba83abd89502fafda108b0ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\22dccb5bba83abd89502fafda108b0ce_JaffaCakes118.exe"
1⤵
- Checks processor information in registry
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4004 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:3148

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\NPUAGyEbDJltJ\_Files\_Information.txt
Filesize
1KB

MD5
129dcab421a6b838ee5334ab39b9f47e

SHA1
1e3e6ed4287d30be7b815e2c11ea3467937f5516

SHA256
fecf71c82bc4aa3315b0ab6be25cf66eb3c721fa818510cee2b1231e5c03490c

SHA512
4fe0e95861513ac7a1d4325f087a4505fcc0819b202f0655d7bf801af4915ff937738e71f8e8d7b371cffe717890a3d33ca40b5676b2b14bce904057ea5c391d

Download Submit
C:\Users\Admin\AppData\Local\Temp\NPUAGyEbDJltJ\_Files\_Information.txt
Filesize
7KB

MD5
4ca8151414832ff9ba5cb89b89d811d1

SHA1
0a81aa5cdabbf80f365ca8c2ee6e181152d05df5

SHA256
ecc143533ba4b71a24964d4a40a1b3c00caca256bb7fa1c8780f2b0544e5a8d1

SHA512
bdc187bbdc3f7bc2cbcdd34cc078c863f953452593430ab999fadde475a99e3870e45606156128e38f928294f6eb78a9f9ae502c766cae9a311d55c9e5924fcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\NPUAGyEbDJltJ\_Files\_Screen_Desktop.jpeg
Filesize
51KB

MD5
1e80798b76778804acbc25edb9905d20

SHA1
66a7899c96f3ed022baa461e4161f0c6a3746596

SHA256
137b9f7419b114154db59919da38768dd2e42e90050ef3a3464591a2fbfc0a51

SHA512
39d1edd9153d7cfea2d1b850c304b648c8ab81571eee0b7711795f582a0ac7a1cd20f318cd24f89439c60f8dab19e2fc0aa055000f633d230faf1657e6bdc565

Download Submit
C:\Users\Admin\AppData\Local\Temp\NPUAGyEbDJltJ\dRKUYZxkGckym.zip
Filesize
45KB

MD5
0f5f5d0749dcaf5b7220dc19eec062e0

SHA1
4a67e837ecc95b818ca6b9fb95a4aa145623c11e

SHA256
594814007676e154846b1401596ab715e4cb00ab6d307f9c1bc601925242d850

SHA512
1d1c405e41017d86dcce8f5c7d6b1a975602c1bd90279bed6eb3b1fcf07f71c0006391026be3c294a902b1844fd142f90a16306dd84e228629036ef40623f816

Download Submit
memory/4804-110-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-125-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-1-0x0000000001810000-0x0000000001910000-memory.dmp

Filesize
1024KB

Download
memory/4804-116-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-117-0x0000000001810000-0x0000000001910000-memory.dmp

Filesize
1024KB

Download
memory/4804-119-0x0000000003430000-0x0000000003475000-memory.dmp

Filesize
276KB

Download
memory/4804-121-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-122-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-2-0x0000000003430000-0x0000000003475000-memory.dmp

Filesize
276KB

Download
memory/4804-3-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-127-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-131-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-133-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-136-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-140-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-142-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-145-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-148-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-151-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download
memory/4804-154-0x0000000000400000-0x00000000016DD000-memory.dmp

Filesize
18.9MB

Download