cryptbot | e3e6b0c7c76f1e07644749b4666f7c24bb9f061a9b9d0413623281d141cfa32f | Triage

Submit
Reports

Overview

overview

Static

static

3

bfd38964ce...18.exe

windows7-x64

bfd38964ce...18.exe

windows10-2004-x64

Sharing

General

Target

bfd38964ce5ed7eb0298112762d73661_JaffaCakes118
Size

378KB
Sample

240404-xbrmaaff94
MD5

bfd38964ce5ed7eb0298112762d73661
SHA1

f44f6c31834a5e615b35a79e34c8396f31a440d3
SHA256

e3e6b0c7c76f1e07644749b4666f7c24bb9f061a9b9d0413623281d141cfa32f
SHA512

4883083f628d89e5a41a847df4c84983b1e6779ba7f0176a70c6ce84b7dc0867362ab2296e8bb108018599e6b14a540a46d69ad3400c8aa0a0db8ccf4fff65e2
SSDEEP

6144:YtojtTr+jbe26iPrJ0gDn2ykShB9uh1NeCx5CmkxIGgz2na6Ja:YtojxK3SQ0jS8LNeCx5PGgz2ah

Score

10^/10

cryptbot discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bfd38964ce5ed7eb0298112762d73661_JaffaCakes118.exe

Resource

win7-20240221-en

cryptbot spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

bfd38964ce5ed7eb0298112762d73661_JaffaCakes118.exe

Resource

win10v2004-20240226-en

cryptbot discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

cemfyj62.top

morota06.top

Attributes

payload_url
http://bojitn09.top/download.php?file=lv.exe

Targets

- Target
  
  bfd38964ce5ed7eb0298112762d73661_JaffaCakes118
- Size
  
  378KB
- MD5
  
  bfd38964ce5ed7eb0298112762d73661
- SHA1
  
  f44f6c31834a5e615b35a79e34c8396f31a440d3
- SHA256
  
  e3e6b0c7c76f1e07644749b4666f7c24bb9f061a9b9d0413623281d141cfa32f
- SHA512
  
  4883083f628d89e5a41a847df4c84983b1e6779ba7f0176a70c6ce84b7dc0867362ab2296e8bb108018599e6b14a540a46d69ad3400c8aa0a0db8ccf4fff65e2
- SSDEEP
  
  6144:YtojtTr+jbe26iPrJ0gDn2ykShB9uh1NeCx5CmkxIGgz2na6Ja:YtojxK3SQ0jS8LNeCx5PGgz2ah
Score

10^/10

cryptbot spyware stealer discovery
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptbotspywarestealer

behavioral2

cryptbotdiscoveryspywarestealer

© 2018-2024

Terms | Privacy