Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CryptBot | A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. | No Attribution |
|
AV Detection |
---|
Source: |
Avira: |
Source: |
Virustotal: |
Perma Link |
Source: |
Integrated Neural Analysis Model: |
Source: |
Joe Sandbox ML: |
Source: |
Code function: |
8_2_009F15B0 | |
Source: |
Code function: |
8_2_6C0E14B0 |
Source: |
Binary or memory string: |
memstr_3f6396ec-5 |
Source: |
Static PE information: |
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior |
Source: |
Code function: |
8_2_009F81E0 | |
Source: |
Code function: |
8_2_6C15AEC0 | |
Source: |
Code function: |
8_2_6C15AF70 | |
Source: |
Code function: |
8_2_6C15AF70 | |
Source: |
Code function: |
8_2_6C100860 | |
Source: |
Code function: |
8_2_6C10A970 | |
Source: |
Code function: |
8_2_6C10A9E0 | |
Source: |
Code function: |
8_2_6C10A9E0 | |
Source: |
Code function: |
8_2_6C0FEB10 | |
Source: |
Code function: |
8_2_6C104453 | |
Source: |
Code function: |
8_2_6C1884A0 | |
Source: |
Code function: |
8_2_6C10C510 | |
Source: |
Code function: |
8_2_6C10A580 | |
Source: |
Code function: |
8_2_6C10A5F0 | |
Source: |
Code function: |
8_2_6C10A5F0 | |
Source: |
Code function: |
8_2_6C10E6E0 | |
Source: |
Code function: |
8_2_6C10E6E0 | |
Source: |
Code function: |
8_2_6C180730 | |
Source: |
Code function: |
8_2_6C100740 | |
Source: |
Code function: |
8_2_6C15C040 | |
Source: |
Code function: |
8_2_6C15C1A0 | |
Source: |
Code function: |
8_2_6C13A1E0 | |
Source: |
Code function: |
8_2_6C100260 | |
Source: |
Code function: |
8_2_6C1B4360 | |
Source: |
Code function: |
8_2_6C15BD10 | |
Source: |
Code function: |
8_2_6C157D10 | |
Source: |
Code function: |
8_2_6C153840 | |
Source: |
Code function: |
8_2_6C10D974 | |
Source: |
Code function: |
8_2_6C139B60 | |
Source: |
Code function: |
8_2_6C11BBD7 | |
Source: |
Code function: |
8_2_6C11BBDB | |
Source: |
Code function: |
8_2_6C15B4D0 | |
Source: |
Code function: |
8_2_6C10D504 | |
Source: |
Code function: |
8_2_6C159600 | |
Source: |
Code function: |
8_2_6C10D674 | |
Source: |
Code function: |
8_2_6C153690 | |
Source: |
Code function: |
8_2_6C10D7F4 | |
Source: |
Code function: |
8_2_6C183140 | |
Source: |
Code function: |
8_2_6C0FB1D0 | |
Source: |
Code function: |
8_2_6C10D2A0 | |
Source: |
Code function: |
8_2_6C177350 |
Source: |
Memory has grown: |
Networking |
---|
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |
||
Source: |
HTTP traffic detected: |