Analysis
- max time kernel: 150s
- max time network: 91s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 11-02-2021 11:08

Static task: static1
Behavioral task: behavioral1
- Sample: f57c8f87acaa5e22b44796b681d54e55.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures, 0 seconds
General
- Target: f57c8f87acaa5e22b44796b681d54e55.exe
- Size: 595KB
- MD5: f57c8f87acaa5e22b44796b681d54e55
- SHA1: 9b428283210c673edc41ae38ad36f5ffae59c1fd
- SHA256: 38b951946943714900dc29bb01ce025a84e0f52f095e2901e74a509b9499f2c6
- SHA512: 27d9b453a00d7171dbd64e675cdcb4ccaab5474702bfa39f59532c6d1fcd1922dcae1c31598a6052fa66cac256097725f941f4f534e3e03499bea8448158958f
Malware Config
Extracted
- Family: cryptbot
- C2:
  - breasuals42.top
  - morteisatr04.top
- Attributes:
  - payload_url: http://cotrarest05.top/download.php?file=lv.exe
Signatures
- CryptBot Payload (2 IoCs)
  Processes: YARA rule family_cryptbot matched in two memory dumps of PID 1432:
  - behavioral1/memory/1432-4-0x0000000000930000-0x0000000000A10000-memory.dmp (family_cryptbot)
  - behavioral1/memory/1432-5-0x0000000000400000-0x00000000004E3000-memory.dmp (family_cryptbot)
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read to fingerprint the host and detect virtualised sandbox environments (a CPU name string that names a hypervisor is a common giveaway).
  Processes: f57c8f87acaa5e22b44796b681d54e55.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
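The signature above is only a count of two registry events. To turn it into a check you can run over exported behavioural events, here is an added example (it is not the sandbox's own signature logic). The event lines are constructed in the layout the report prints ("<action> <key path> <process>"); ProcessorNameString is the value observed in this report, while the other value names in CPU_VALUES are assumed additions that anti-VM code commonly reads from the same key.

```python
"""Flag CPU-information registry reads, a common sandbox-detection behaviour.

Added example for this report; not tooling from the sandbox vendor.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Key observed in this report (registry paths are case-insensitive, compared lowered).
CPU_KEY = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0"
# ProcessorNameString is the value queried here; the others are assumed additions
# that anti-VM checks typically read from the same key.
CPU_VALUES = {"ProcessorNameString", "VendorIdentifier", "Identifier", "~MHz"}


@dataclass(frozen=True)
class RegistryEvent:
    action: str            # "Key opened" or "Key value queried"
    key: str               # key path without the value name
    value: Optional[str]   # value name for "Key value queried", else None
    process: str


# "<action> <\REGISTRY\...> <process>"; the process name carries no whitespace.
_LINE = re.compile(r"^(Key opened|Key value queried)\s+(\\REGISTRY\\.+?)\s+(\S+)$")


def parse_event(line: str) -> Optional[RegistryEvent]:
    """Parse one report-style event line; return None for anything else."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    action, path, process = m.groups()
    if action == "Key value queried":
        key, _, value = path.rpartition("\\")
        return RegistryEvent(action, key, value, process)
    return RegistryEvent(action, path, None, process)


def flag_cpu_checks(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (process, value) for each CPU-info value read.

    Only value queries are reported: opening the key alone is noise, the
    read of a specific value is what the anti-sandbox check acts on.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev.action != "Key value queried":
            continue
        if ev.key.lower() == CPU_KEY.lower() and ev.value in CPU_VALUES:
            hits.append((ev.process, ev.value))
    return hits


# Constructed sample events: the two from this report plus two benign ones.
SAMPLE_EVENTS = [
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 f57c8f87acaa5e22b44796b681d54e55.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString f57c8f87acaa5e22b44796b681d54e55.exe",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run f57c8f87acaa5e22b44796b681d54e55.exe",
    r"Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName explorer.exe",
]

if __name__ == "__main__":
    for process, value in flag_cpu_checks(SAMPLE_EVENTS):
        print(f"{process}: read CentralProcessor\\0\\{value} (possible sandbox check)")
```

Matching on the value read rather than the key open keeps the rule quiet on ordinary software that enumerates hardware keys, and the lowered comparison avoids misses when a sandbox prints the path with different casing.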
Downloads
- memory/1432-2-0x0000000000C80000-0x0000000000C91000-memory.dmp (68KB)
- memory/1432-3-0x0000000075BF1000-0x0000000075BF3000-memory.dmp (8KB)
- memory/1432-4-0x0000000000930000-0x0000000000A10000-memory.dmp (896KB)
- memory/1432-5-0x0000000000400000-0x00000000004E3000-memory.dmp (908KB)
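The dump names encode PID, dump index and the address range, which is enough to decide which file to pull first without opening any of them. The following is an added example (not the sandbox's own code) that parses the names listed above, checks the stated sizes, and ranks the dumps: YARA-matched first, then the one at 0x400000 (the default image base of a 32-bit Windows executable, so for a self-unpacking sample it is the in-place unpacked main image), then by size. The names and YARA matches are copied from this report; the ranking policy is this example's own.

```python
"""Parse sandbox memory-dump names and rank them for analysis.

Added example for this report; not the sandbox's own code.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Name format used by the report: [behavioralN/]memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
_DUMP = re.compile(
    r"^(?:behavioral\d+/)?memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$"
)
# Default image base of a 32-bit PE; a full dump starting here is the main module.
DEFAULT_IMAGE_BASE = 0x400000


@dataclass(frozen=True)
class MemoryDump:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def size_kb(self) -> int:
        return self.size // 1024          # the report prints whole KB

    @property
    def name(self) -> str:
        return (f"memory/{self.pid}-{self.index}-"
                f"0x{self.start:016X}-0x{self.end:016X}-memory.dmp")


def parse_dump(name: str) -> MemoryDump:
    m = _DUMP.match(name.strip())
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    pid, idx, start, end = m.groups()
    return MemoryDump(int(pid), int(idx), int(start, 16), int(end, 16))


def rank_dumps(names: Iterable[str], yara_matched: Iterable[str]) -> List[MemoryDump]:
    """Most interesting dump first: YARA-matched, then main image, then largest."""
    matched = {(d.pid, d.index) for d in map(parse_dump, yara_matched)}
    dumps = [parse_dump(n) for n in names]

    def key(d: MemoryDump):
        return ((d.pid, d.index) in matched, d.start == DEFAULT_IMAGE_BASE, d.size)

    return sorted(dumps, key=key, reverse=True)


# Names and YARA matches as listed in this report.
REPORT_DUMPS = [
    "memory/1432-2-0x0000000000C80000-0x0000000000C91000-memory.dmp",
    "memory/1432-3-0x0000000075BF1000-0x0000000075BF3000-memory.dmp",
    "memory/1432-4-0x0000000000930000-0x0000000000A10000-memory.dmp",
    "memory/1432-5-0x0000000000400000-0x00000000004E3000-memory.dmp",
]
YARA_HITS = [
    "behavioral1/memory/1432-4-0x0000000000930000-0x0000000000A10000-memory.dmp",
    "behavioral1/memory/1432-5-0x0000000000400000-0x00000000004E3000-memory.dmp",
]

if __name__ == "__main__":
    for d in rank_dumps(REPORT_DUMPS, YARA_HITS):
        print(f"{d.name}  {d.size_kb}KB")
```

On this report the ranking puts dump 5 (0x400000-0x4E3000, the unpacked main image) first and dump 4 (the 896KB allocated region that also matched family_cryptbot) second; the two small unmatched regions come last. The computed sizes (68, 8, 896 and 908KB) agree with the figures the report prints, which is a cheap sanity check that the names were parsed correctly.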