{
	"id": "346c85f2-4baa-4ad0-94b1-b209dc51c803",
	"created_at": "2026-04-06T00:06:09.360937Z",
	"updated_at": "2026-04-10T03:21:44.771175Z",
	"deleted_at": null,
	"sha1_hash": "ef1fe5ef6f5bcc388896fdd15485a7948c4a753c",
	"title": "CryptBot",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31677,
	"plain_text": "CryptBot\r\nPublished: 2023-03-16 · Archived: 2026-04-05 18:58:10 UTC\r\n{'c2': 'http://erniku42.top/gate.php;',\r\n 'settings': [{'key': 'CookiesEdge', 'value': 'false'},\r\n {'key': 'HistoryEdge', 'value': 'false'},\r\n {'key': 'HistoryFirefox', 'value': 'false'},\r\n {'key': 'EdgeDB', 'value': 'true'},\r\n {'key': 'Edge', 'value': 'false'},\r\n {'key': 'Files', 'value': 'false'},\r\n {'key': 'Opera', 'value': 'false'},\r\n {'key': 'CookiesOpera', 'value': 'false'},\r\n {'key': 'HistoryOpera', 'value': 'false'},\r\n {'key': 'Screenshot', 'value': 'true'},\r\n {'key': 'Chrome', 'value': 'false'},\r\n {'key': 'Info', 'value': 'true'},\r\n {'key': 'HistoryChrome', 'value': 'false'},\r\n {'key': 'ChromeDB', 'value': 'true'},\r\n {'key': 'Wallet', 'value': 'true'},\r\n {'key': 'ChromeExt', 'value': 'true'},\r\n {'key': 'Firefox', 'value': 'false'},\r\n {'key': 'CookiesChrome', 'value': 'false'},\r\n {'key': 'FirefoxDB', 'value': 'true'},\r\n {'key': 'CookiesFirefox', 'value': 'false'},\r\n {'key': 'Desktop', 'value': 'true'},\r\n {'key': 'EdgeExt', 'value': 'true'},\r\n {'key': 'CookiesFile', 'value': '_AllCookies.txt'},\r\n {'key': 'HistoryFile', 'value': '_AllHistory.txt'},\r\n {'key': 'NTFS', 'value': 'true'},\r\n {'key': 'Key', 'value': 'NkB7vazOVtAR2LZ'},\r\n {'key': 'DesktopFolder', 'value': '_Desktop'},\r\n {'key': 'UAC', 'value': 'false'},\r\n {'key': 'ScreenFile', 'value': '$CREEN.PNG'},\r\n {'key': 'DeleteAfterEnd', 'value': 'true'},\r\n {'key': 'MessageAfterEnd', 'value': 'false'},\r\n {'key': 'FirefoxDBFolder', 'value': '_Firefox'},\r\n {'key': 'Anti', 'value': 'false'},\r\n {'key': 'EdgeDBFolder', 'value': '_Edge'},\r\n {'key': 'UserAgent', 'value': ''},\r\n {'key': 'Prefix', 'value': 'mrd-'},\r\n {'key': 'WalletFolder', 'value': '_Wallet'},\r\n {'key': 'PasswordFile', 'value': '_AllPasswords.txt'},\r\n {'key': 'ChromeDBFolder', 'value': '_Chrome'},\r\nhttps://research.openanalysis.net/cryptbot/botnet/yara/config/2023/03/16/cryptbot.html\r\nPage 1 of 2\n\n{'key': 'ExternalDownload', 'value': 'http://ovapfa05.top/unfele.dat'},\r\n {'key': 'FilesFolder', 'value': '_Files'},\r\n {'key': 'InfoFile', 'value': '_Information.txt'}]}\r\nSource: https://research.openanalysis.net/cryptbot/botnet/yara/config/2023/03/16/cryptbot.html\r\nhttps://research.openanalysis.net/cryptbot/botnet/yara/config/2023/03/16/cryptbot.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://research.openanalysis.net/cryptbot/botnet/yara/config/2023/03/16/cryptbot.html"
	],
	"report_names": [
		"cryptbot.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775433969,
	"ts_updated_at": 1775791304,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ef1fe5ef6f5bcc388896fdd15485a7948c4a753c.pdf",
		"text": "https://archive.orkl.eu/ef1fe5ef6f5bcc388896fdd15485a7948c4a753c.txt",
		"img": "https://archive.orkl.eu/ef1fe5ef6f5bcc388896fdd15485a7948c4a753c.jpg"
	}
}