Manual Static Analysis — CryptBot Stealer | Threat: HIGH

File Identity

SHA256:       a5f54b2b09467a64f6358eb629468c398c7835c5bfe2a8b1d4f7c0e3a6b9d2f5
File name:    shark2.bin → .exe
Size:         6,039,328 bytes (6 MB)
String count: 29,161

C2 Domain

tvO.es   -- CryptBot C2 domain (.es TLD)
x8D8.io  -- CryptBot C2 domain (.io TLD)

Timing Anti-Analysis

GetTickCount  -- sandbox detection based on system uptime

IOC

SHA256: a5f54b2b09467a64f6358eb629468c398c7835c5bfe2a8b1d4f7c0e3a6b9d2f5
C2:     tvO.es, x8D8.io

CryptBot2 — Malware Profile

CryptBot is a Delphi-based stealer; this sample (shark2.bin) uses x8D8.io as its C2. It targets browser passwords and crypto wallets. The MSH_WHEELSUPPORT string is a Delphi RAD Studio build artifact.

Malware type:         Infostealer
Programming language: Delphi
C2 protocol:          HTTP
Target systems:       Global

Capabilities & Behavior

Browser credential theft
Cookie theft
Crypto wallet theft
System information collection
Screenshot capture
FTP/SSH client password theft
Email client credential theft
Data exfiltration

IOC List (1 indicator)

IOC — CryptBot2

Type    Value                                                             Note
sha256  a5f54b2b09467a64f6358eb629468c398c7835c5bfe2a8b1d4f7c0e3a6b9d2f5  —

C2 Servers (1 recorded server for this family)

Address  Type    Port  Protocol  Status    Country
x8D8.io  domain  443   HTTPS     inactive  —

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags
cryptbot, shark2-bin, tvoes, x8d8io, gettickcount, delphi, infostealer