cryptbot | 1537dcb7140c459eb68c6a8e7feb716244377856bda08f9dac31cb2dcb7318a6

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2024 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4c4438fe773e29f031758ecf324106d_JaffaCakes118.exe
Size

373KB
MD5

c4c4438fe773e29f031758ecf324106d
SHA1

322fdaa03edf909708eaacb14e101727100916f2
SHA256

1537dcb7140c459eb68c6a8e7feb716244377856bda08f9dac31cb2dcb7318a6
SHA512

7155861c481d6b41048bf13a24bc3978a4f6fd789738b0fdb297435d5797655c4207fabe763e92dae6a2ed75ae5854b535dc421b527f13ff1bb95e80553a5f5c
SSDEEP

6144:EoSCQXqgN2X9h+IHzt7eSeH9T43rqzncb/2b6QqDpqpOHkbPLQqX7tNfVXVHQLIE:tSCRgN2tJTVETE2DOS6QYpZ4QwZGEX8H

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

veoqkb22.top

morpib02.top

Attributes

payload_url
http://tyncel11.top/download.php?file=lv.exe

Signatures

CryptBot
A C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

c4c4438fe773e29f031758ecf324106d_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	c4c4438fe773e29f031758ecf324106d_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	c4c4438fe773e29f031758ecf324106d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c4c4438fe773e29f031758ecf324106d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c4c4438fe773e29f031758ecf324106d_JaffaCakes118.exe"
1⤵
- Checks processor information in registry
PID:1892

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\JkOaHiRjtCxc\_Files\_Information.txt
Filesize
1KB

MD5
97f511fbcc346d936e71b947e0fbf788

SHA1
1569172604163ce3b5fb42cf5c5747feb15c4ca5

SHA256
00fd0fd7e03ddf14508fd86bee0ce83a34ce0c9f8e98c53ac3e79c36e25b8430

SHA512
b7e4e8834b6bf3ffad26e1a32d9f5451744d7a6a4a090cc5e28fc0cc2945c64f61c5a41c78626411bf3b355dd2941046740c195bbfb5d6797eca92b807a95ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\JkOaHiRjtCxc\_Files\_Information.txt
Filesize
1KB

MD5
e7529709e4780f6893605246bd3e538f

SHA1
6b983a0ee489e9dd8d8b790926c9f432b73280f3

SHA256
0a99bb6788033a8ff43caae0218a18e465c2f1ba7168d6c67d59cd7527ad2415

SHA512
21ddc513d8e26d571e62694f270ac96fb758038c37a1a7d7c76df9c20d3dfb2a9d09cd6b3eebf9a7be94d576c332502403d66fe009a8a4df974184b867c7b2fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\JkOaHiRjtCxc\_Files\_Information.txt
Filesize
4KB

MD5
61cfbd370659d3d05cfaea2fdfab2f69

SHA1
acee9203d596973bacb3178297745919b95e4f1b

SHA256
625f4a503d59f2f0cee710d1597ac8c99d78abdfcb02eb220f534c98a7ee15c8

SHA512
629e09fde01e1f9538926c41aca0722ae6a4f0d5fce2f02a884fe35ecf944a6537a1b6d53fbeaf200a2796bd0f70c3ef72970ca7f0b9d24bf909d0ab80d1a7f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\JkOaHiRjtCxc\_Files\_Screen_Desktop.jpeg
Filesize
56KB

MD5
c1a449cc1cceba5bca648d9e6c9f783c

SHA1
f87621826b2352428ef7c7c5d262e0249eb09574

SHA256
f6b2e9989a86a0940aa76e1ea677edd72d695af79d1c58a9dafd8bb59d4c6e74

SHA512
d5784cbfda5c243b8362e6e6eef959aac35cb02018eeafddcf1122b3136d3d56467c23083a8e73d9ca1f8c6733de47c4e4686e0b757da550eb6aba04068d7df0

Download Submit
C:\Users\Admin\AppData\Local\Temp\JkOaHiRjtCxc\wmRcgiDxyoX.zip
Filesize
50KB

MD5
5a33d87e60217a0a84dad7b6f6de8852

SHA1
74a9a5de5aad18c5fc56f3674364ab6ff368e5d7

SHA256
97d61e97fc1ae366c08ad29e53441dddd7fc0c304708b3a8693c1e335b1f163d

SHA512
d281bf01bf109d13a0782df3694cdc89441d71f9b497b7268efb0da196d3d8b0a4240132bd3d0deed41c286c66cc5b736c45b35eea67730d4c26a55b70bf034a

Download Submit
memory/1892-121-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-127-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-113-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-116-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-117-0x00000000030D0000-0x00000000031D0000-memory.dmp

Filesize
1024KB

Download
memory/1892-118-0x0000000003080000-0x00000000030C5000-memory.dmp

Filesize
276KB

Download
memory/1892-2-0x0000000003080000-0x00000000030C5000-memory.dmp

Filesize
276KB

Download
memory/1892-1-0x00000000030D0000-0x00000000031D0000-memory.dmp

Filesize
1024KB

Download
memory/1892-123-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-3-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-131-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-134-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-136-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-139-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-144-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-146-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-149-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-151-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download
memory/1892-155-0x0000000000400000-0x0000000002F27000-memory.dmp

Filesize
43.2MB

Download