cryptbot | b04791153b4f7b15aff1c868064f087fbd1004f8c42aab3a577f9398623159eb

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9cbe181180f938d649cece9bd9d4e3f_JaffaCakes118.exe
Size

319KB
MD5

e9cbe181180f938d649cece9bd9d4e3f
SHA1

0a476de53d88218be1165315a98a0c7898b7d997
SHA256

b04791153b4f7b15aff1c868064f087fbd1004f8c42aab3a577f9398623159eb
SHA512

b2086ac964193daf2557c4ccdb0282302c4d47305f5c7663a4bf5079e50e1fb133c67108ecfbe764cbdaf0742a4ac9250d89875a4b60ca6ef0ff29e7fda10906
SSDEEP

6144:tel4Y9GgGam5m4aTsrpcwTGKbMFavS2Vqy8/GfY3Zl021yDTuJy:tel4Ykg45m4hVVGK3vFXrw3ZZ1yfoy

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

pacdpo22.top

moreil02.top

Attributes

payload_url
http://zukelx03.top/download.php?file=lv.exe

Signatures

CryptBot
A C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

e9cbe181180f938d649cece9bd9d4e3f_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	e9cbe181180f938d649cece9bd9d4e3f_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	e9cbe181180f938d649cece9bd9d4e3f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e9cbe181180f938d649cece9bd9d4e3f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e9cbe181180f938d649cece9bd9d4e3f_JaffaCakes118.exe"
1⤵
- Checks processor information in registry
PID:3948

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZvmcJvEmsWvD\_Files\_Files\ClearDeny.txt
Filesize
502KB

MD5
c332ca859e51edcde0b3e7a9855462ee

SHA1
4116d94b739452a3dd8d9e78f9b6ef9317bbe604

SHA256
3c3504edb5421f88113ed9962d128478a3314516cc8a9b6d6c4d1003ccc422b7

SHA512
cad49d8555ba863fb4aa1e8c603f3c484f10d00acd5a2352e7b2cd8807ab20927175d7d7ebc5c42c1dc01a53056b8904132e313b3a03b9e33f08e496ed59028f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZvmcJvEmsWvD\_Files\_Information.txt
Filesize
1KB

MD5
d82f8636c70585f4fa8b88aa0b64f002

SHA1
c5b758e42818953eddefa8de0781c5c5eeaf7c8e

SHA256
10fd9ef33ae5b29b7501911781145d26af919042f550fd46e38c8b4443ce5881

SHA512
726518c08834d0c0ac580e42d308422bed3df61c925e8e99c42a02e0c5db2be00bf28b2fb3e1c23173be172dd225826fa9658bb144d4f6e5ff74ee5b73be927c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZvmcJvEmsWvD\_Files\_Information.txt
Filesize
1KB

MD5
5941546986483ae42d442c207c5a08db

SHA1
4e3cb1fa181dc6ac612f51dc41bd62fabe3915c3

SHA256
f202920404468571da241690f5a39949be5c54d15bddc4e6bacb6ea3a914a582

SHA512
f5712505084ea64375be1f3c442aa8f1ad5a08fe0678709edd5dd7ead099786d31b375fa8940c9ab23cf8ff2326610ff543119a99cbd848fb064d8b68f077024

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZvmcJvEmsWvD\_Files\_Information.txt
Filesize
3KB

MD5
6855711fdba27cfacad8def451278b83

SHA1
3be9fd6068cdbab7b554d8f76c1f1fc0b134140d

SHA256
1ea51d4f2eead52632d96ba84c83f261a9cb2db8b2b9768843979c417c241066

SHA512
9f586dfa7b0e5028ddd925f782f92338828da743b7e1bf4f66a41d0b2cf5647c52fa8c8c42c8d9ceba2bc805e98bda7cce302541ec233046c566b294af5676f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZvmcJvEmsWvD\_Files\_Information.txt
Filesize
4KB

MD5
d561c0a63b63adae75d579c19f0ed16c

SHA1
3e6171240c0092f1ce03606d60e24a0d15b1ea8e

SHA256
eb06e6df428a4c310d866f99d352885fbe2a5a1f7358fab4a75f326c6954d0f9

SHA512
7ad69cb13df64addcf96ee8dbd068cd33d3ec169c3f756d34d901ba9c629e36acdcb2437ee998450c0354c06ed3cd5f36820bf9836a0ce7dc729307d12e27b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZvmcJvEmsWvD\_Files\_Screen_Desktop.jpeg
Filesize
57KB

MD5
a16c64f92458a285bbf4588f8d027752

SHA1
3b265e06504ab8caad9e70d0b30940ea749a1e47

SHA256
5da6acaae80278388ab679f6fa26e829ee2abb1ee43895149c149c0b2e1ff71a

SHA512
e2589839f2c48d01a13fd6361a423787030bc13247de8296adcc4558847d470bb154e5139d2eb8ca91e59d7f35cb3f35963221ed50c10bd3d9126fa581c75bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZvmcJvEmsWvD\mlpIYfZbQZOC.zip
Filesize
554KB

MD5
56e9c22478b7c793750797057a1c3285

SHA1
b9ac1fd16fdd3915b40a86760a22c0281fa52688

SHA256
a689194c5efe041ecb95988e42d3a5656b60f77d08d2945a3c0fc3e4ba12854f

SHA512
994e50f1d889a435e44d09d84e382cf7120bdf7aaea2a23740c49c8fb276dfc6364cee886e6efa1047a3d30570f8f01260e79c6d7e048040e14340c0a538d076

Download Submit
memory/3948-123-0x0000000000B60000-0x0000000000C60000-memory.dmp

Filesize
1024KB

Download
memory/3948-133-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-118-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-2-0x0000000000AC0000-0x0000000000B06000-memory.dmp

Filesize
280KB

Download
memory/3948-122-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-1-0x0000000000B60000-0x0000000000C60000-memory.dmp

Filesize
1024KB

Download
memory/3948-124-0x0000000000AC0000-0x0000000000B06000-memory.dmp

Filesize
280KB

Download
memory/3948-127-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-129-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-3-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-136-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-138-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-141-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-143-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-147-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-150-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-153-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-156-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/3948-159-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download