cryptbot | f0f167b361376dc23b604f18e3642c459368c71e8e030e00170d5db431ceb45c | Triage

Submit
Reports

Overview

overview

Static

static

1

150cc6fff4...18.exe

windows10-2004-x64

Sharing

General

Target

150cc6fff4a7fca07ff09a3e37fb7828_JaffaCakes118
Size

1.7MB
Sample

240627-hm96fazelp
MD5

150cc6fff4a7fca07ff09a3e37fb7828
SHA1

0a77ae0762093dedebf497aae917c1bd29ec6407
SHA256

f0f167b361376dc23b604f18e3642c459368c71e8e030e00170d5db431ceb45c
SHA512

8246091ed11c659f7f8a3f5cf4df448d6632e62644662fddef29301f6ad82ba7c409682e238fec6bd07e95e17f5318b3351cb0e529b8b542ef126985bc070afd
SSDEEP

49152:YmS7T6hb8lMKMDQzPFRUmN1lU5XUM8y+90O:C7TQb8+KbzPFRUm9U5kdP

Score

10^/10

cryptbot discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

150cc6fff4a7fca07ff09a3e37fb7828_JaffaCakes118.exe

Resource

win10v2004-20240508-en

cryptbot discovery persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  150cc6fff4a7fca07ff09a3e37fb7828_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  150cc6fff4a7fca07ff09a3e37fb7828
- SHA1
  
  0a77ae0762093dedebf497aae917c1bd29ec6407
- SHA256
  
  f0f167b361376dc23b604f18e3642c459368c71e8e030e00170d5db431ceb45c
- SHA512
  
  8246091ed11c659f7f8a3f5cf4df448d6632e62644662fddef29301f6ad82ba7c409682e238fec6bd07e95e17f5318b3351cb0e529b8b542ef126985bc070afd
- SSDEEP
  
  49152:YmS7T6hb8lMKMDQzPFRUmN1lU5XUM8y+90O:C7TQb8+KbzPFRUm9U5kdP
Score

10^/10

cryptbot discovery persistence spyware stealer
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot payload
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptbotdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy