General
-
Target
acf5a0702538d69871c917a13a45effbcc2dd9161578b.exe
-
Size
744KB
-
Sample
210505-zpe4y79pvx
-
MD5
133e64e417a18aa63318a7568506f612
-
SHA1
5b52a1c1775fa6de222eb1ab74e1e2727bdcfa22
-
SHA256
acf5a0702538d69871c917a13a45effbcc2dd9161578b270a6b56f8447062dbf
-
SHA512
8f09b3ecfad1af2f6604947a372ce8002bd4f27dec78277142cd9dd6c7f9bb4e76aacb724e93113a436dce5018bd3f1254e7a1fbc256a698fadbf9486098a340
Static task
static1
Behavioral task
behavioral1
Sample
acf5a0702538d69871c917a13a45effbcc2dd9161578b.exe
Resource
win7v20210410
Malware Config
Extracted
cryptbot
eostco22.top
morczs02.top
-
payload_url
http://agnyzg02.top/download.php?file=lv.exe
Targets
-
-
Target
acf5a0702538d69871c917a13a45effbcc2dd9161578b.exe
-
CryptBot Payload
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-