General
-
Target
8c07387ad12b8c8e0cdd858fc7d478b8_JaffaCakes118
-
Size
400KB
-
Sample
240402-n6sy6ahf65
-
MD5
8c07387ad12b8c8e0cdd858fc7d478b8
-
SHA1
4b63ecaefc737a4b75e2d9b229a37439223d0b53
-
SHA256
eb1fa54f64579a6b83cbadc59fcf34d045dd98d875569fa3876449130a5588be
-
SHA512
f4e5e58477d881a08f62ac10f06a9aebfda01adc966ca46070787da8168394d70bbd57b3960f55a59345bd747b8a1fa9f0c3ad540097215f9d42318b8897c249
-
SSDEEP
6144:SQKYmpSVmhEAnijRxqDEcshKl4u8kCqVCSxHKNCrz:SQ3MSVmiJbrMl4u8kCSxHKN
Malware Config
Extracted
cryptbot
veobav12.top
morysl01.top
-
payload_url
http://tyngle01.top/download.php?file=lv.exe
Targets
-
-
Target
8c07387ad12b8c8e0cdd858fc7d478b8_JaffaCakes118
-
Size
400KB
-
MD5
8c07387ad12b8c8e0cdd858fc7d478b8
-
SHA1
4b63ecaefc737a4b75e2d9b229a37439223d0b53
-
SHA256
eb1fa54f64579a6b83cbadc59fcf34d045dd98d875569fa3876449130a5588be
-
SHA512
f4e5e58477d881a08f62ac10f06a9aebfda01adc966ca46070787da8168394d70bbd57b3960f55a59345bd747b8a1fa9f0c3ad540097215f9d42318b8897c249
-
SSDEEP
6144:SQKYmpSVmhEAnijRxqDEcshKl4u8kCqVCSxHKNCrz:SQ3MSVmiJbrMl4u8kCSxHKN
Score10/10-
CryptBot
A C++ stealer distributed widely in bundle with other software.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-