Overview

overview

10

Static

static

3

eb749e44a7...18.exe

windows7-x64

10

eb749e44a7...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-04-2024 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb749e44a75448c807d0af28f8b83e66_JaffaCakes118.exe

  • Size

    623KB

  • MD5

    eb749e44a75448c807d0af28f8b83e66

  • SHA1

    f00ecf94d2ca07d843242b23b1d6e9f92d80c0ce

  • SHA256

    56086c245c079cb9345f744d6c352931877ea6aa2286950f9451d3ec372d6e19

  • SHA512

    f8ee99ab474ba6b797a2d5eddc1245080ff3272576fcdc3bfc5c9d32154ac2b20ddf0939fc98f2d4e66e81f89582f0a0e8a92996896bc29fc478cdd40a3b60c4

  • SSDEEP

    12288:eKOR/0vrmf7SehkqWtVHd/me+NI7E7936QNq3PDQw2k:q/0vwkBtVHd/mNNS/DQ

Score
10/10
cryptbotdiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

bunopq12.top

morkix01.top
Attributes
  • payload_url

    http://tobdol01.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • CryptBot payload 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb749e44a75448c807d0af28f8b83e66_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eb749e44a75448c807d0af28f8b83e66_JaffaCakes118.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of FindShellTrayWindow
    PID:2952

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\_Files\_Information.txt
    Filesize

    1KB

    MD5

    75ceee82dadd02138cc3296a974fcad4

    SHA1

    7cbf72aab2509b0cfb1f222016efba39b1e9fe8d

    SHA256

    aa2f5c9cb6be9533b3beec284cc5098b6df7746166d4d19ccd3ccf18e1ba9e13

    SHA512

    e3491ef87be699ba36ec7b006484939bfa0afe06f6fde71f03b9c4c5269ba8618b1667054e85381592a12ce1edce6b85de54c9a9e358b736ad38cca19a464646

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\_Files\_Information.txt
    Filesize

    3KB

    MD5

    1d64d4a3d143b48c0abc2aa4bce858d0

    SHA1

    07618ccd12c6703e1845551d7e67913bd6e4021b

    SHA256

    7bbb2a2878e7df323f6cf21e1a7cb26a9e8dce6309a3a7b2993df48a4c551586

    SHA512

    05b4d572478d0a064c3c3ff4e6b1dfc8f3b4f2f75ceac8f7f769979340fb8c786ade206b0b938a7ecee9c93ff1aced55753d86b4642e70aa89d6c27a3d299817

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\_Files\_Information.txt
    Filesize

    3KB

    MD5

    8e2ca09d24c328e3094f717255309afe

    SHA1

    b1071d7968c7006e94a5aa7cb5fc9a57d4fb1ecf

    SHA256

    ed13c6da78e2f3a0a68b57549168132c9961fefccb123e22c7c68cc9ac1b4786

    SHA512

    d3dcc62c5e7b34ad6e4e03c25f6656d1a4d68316c679014d6723bb4252b86945c0d0469df7bbf717dcee203b314828844abbd50364a8833539bf62c4a9dd2372

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\_Files\_Information.txt
    Filesize

    4KB

    MD5

    c27de8b10e01c8261de049403bdd4ce7

    SHA1

    6bf24a7c04ca1e7e6e5fcd2a2ee009798ed04a7f

    SHA256

    5b181a299b291164afd32819ffcf879ad73cd37b25690e82ec4396b0d7ed2ce4

    SHA512

    f07856aea4b8d5eeb4738f5b444a798ed2b6822298a8699f80c629e17c390d7811d25254add2ea708ec8be97f430533458303fa9fcc0bd0ab454c9544c0df89a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\_Files\_Screen_Desktop.jpeg
    Filesize

    39KB

    MD5

    6aefa252d620b843e2187f12c3aec17d

    SHA1

    48126c1574f80b998602911976170b41ce15fa2f

    SHA256

    5e6614ffcc905635c6519fffea5c8c8983c156b08df4fb8f6c89d08e81c3d79d

    SHA512

    3b100126da59c40dedebf30d3f0f40e70194a209baa2361ab765367b0c3b1ec28ee139c043e9b1e526d50e1148a902c80e2f5028ad4ff2b34649cb9bbcb8a5f7

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\files_\system_info.txt
    Filesize

    1KB

    MD5

    503272735c00b19bb92c909e572821d5

    SHA1

    e9d07a73410b242bed9a10f8cd095eb4328dc9d6

    SHA256

    7b347e5b3be7669bfbbf326498d0d91ebe4a55387555cee64d988d0c4212d391

    SHA512

    7bac01892173e664fdba35ce8de5e347d36fb216352204be0bb536869442ec50560a718f6f91d609a2abe370fcfe19cd70809c9892063a7e9ec5f9b17005ab7f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\files_\system_info.txt
    Filesize

    3KB

    MD5

    0bfd77ab3d5f86aeb80b2307e7cb96bc

    SHA1

    348b5f395888e7a1c957156e5e0269fd9ad6a8c5

    SHA256

    a8d667982742f644cdd297b654ca5cbac053fc62b4554ef5c1517e34ab4654b0

    SHA512

    80e883f884605384c6d9c58d168a7e5f38e6bf5e2a452fe8aa2fd819ed2d87d85b6623b7a8cc5cfc8864bf8ad1f4eb52e4344a4aacc409fb4ca6acecc06edc52

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\files_\system_info.txt
    Filesize

    3KB

    MD5

    c319d41f27e266a326d32e721dbc7108

    SHA1

    b1225868c5e138b1c7ca083f366c429a719a67db

    SHA256

    8f7b0c484c6fe989e8fd5f59b757e3bef4a2c9db4ec0b7c6125225670f990382

    SHA512

    62e3626aeaf36da72807c808a62d6a734db86e370a4dfc5d31df9d54dc78f2db1f025b3ebc083031f5ffe53da300f44638ff2ae6836b7883855d6722afef1d6c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\files_\system_info.txt
    Filesize

    4KB

    MD5

    2d9ab33973d2f2a285a47fa821e57873

    SHA1

    f6d211c9183a2527128b87ac2c0eefb998375aec

    SHA256

    bf9c2c4c2c984704235be3e6837dace95382f9cda2c3376bd25e4c6deb02a3b7

    SHA512

    0c7d0196ae1d6218310222b937f0d74c6a9410abfb1a33571980c8d653dfc6a9c7a73b2e0f54386da7b31e10d417516fc57cb0217a474f5158b9eaeaf316a266

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6OTIHUhfl\wfj7cqcbwQ28op.zip
    Filesize

    32KB

    MD5

    6214237ab9d3834d319376f7c46a9ee3

    SHA1

    e14eb868d936f1e9ead988daccce89f54d2a2081

    SHA256

    94b398854d605839213294fb1f559129b913ad03b648c75e2d97460e10d9c064

    SHA512

    598d58a80a4989ad0f8dee557d108495889566e5392e462cd74e827b596af99c99589e045a317c12c9ef3763af21e04094ef82c69598bbfcc30c1821e009e241

    Download Submit
  • memory/2952-1-0x0000000000270000-0x0000000000370000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2952-3-0x0000000000400000-0x0000000002406000-memory.dmp
    Filesize

    32.0MB

    Download
  • memory/2952-4-0x0000000003EB0000-0x0000000003EB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2952-2-0x0000000002480000-0x0000000002520000-memory.dmp
    Filesize

    640KB

    Download
  • memory/2952-222-0x0000000000400000-0x0000000002406000-memory.dmp
    Filesize

    32.0MB

    Download
  • memory/2952-225-0x0000000000270000-0x0000000000370000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2952-226-0x0000000002480000-0x0000000002520000-memory.dmp
    Filesize

    640KB

    Download
  • memory/2952-228-0x0000000003EB0000-0x0000000003EB1000-memory.dmp
    Filesize

    4KB

    Download