cryptbot | 9effd1d916479ebfecd12f3650088aae8883eb4929835c26fe2dd3c5b7351f04 | Triage

Submit
Reports

Overview

overview

Static

static

3813337991...5f.exe

windows7-x64

7

3813337991...5f.exe

windows10-2004-x64

7

Resubmissions

22-06-2024 13:26

240622-qp2k3szdjg 10

22-06-2024 13:22

240622-qmnw7szcle 10

Sharing

General

Target

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.zip
Size

134KB
Sample

240622-qmnw7szcle
MD5

ef0bde59ac1b1fbac9cd1fe0c9041313
SHA1

c8fe5de409be59a5c01fb5a6529d50476a64f73c
SHA256

9effd1d916479ebfecd12f3650088aae8883eb4929835c26fe2dd3c5b7351f04
SHA512

135867d3ea58b3f86f3f33712cf1c0a44278bbff732d587a1eff379c574d392d632ce1de8304c42a6747fa6b82e23c00192027eb78d6c139c7fd57bb29e70cc6
SSDEEP

3072:3hvqWgry/5LNmrPCC+2HWnZda8ZTo2l+48DG3lSODKl6JsV:RCWgryhg+CTHkZc0TKXDGVSOrJsV

Score

10^/10

cryptbot discovery spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

Resource

win7-20240508-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe

Resource

win10v2004-20240508-en

discovery spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

unic16m.top

unic16e.top

Targets

- Target
  
  381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f.exe
- Size
  
  280KB
- MD5
  
  681457fa460dff885eef657f166d5ef8
- SHA1
  
  44cac83393e0d6d083f0f2ae064090e2478f715b
- SHA256
  
  381333799197cdf21b4d12d9ce83587673c52b336547a5425bbd9c69bba00d5f
- SHA512
  
  369d299957327e6260f636933756054a0cd6ca78c4e585544aaac56c87fc6da8c9140e0ab0db51c601c06b95566ffa75d1f9699bc53369994eb0ab6d19eb2180
- SSDEEP
  
  6144:s068sLPlQBdpbFl37RYeuFAeQKWQcAfoOGCR/4jTHazM80WLXTT9Bvl:s068sLPlQBdpbFl3l0FAepWQcMdu+Ymt
Score

7^/10

discovery spyware stealer
- Deletes itself
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer

© 2018-2024

Terms | Privacy