Analysis
Max time kernel: 5s
Max time network: 12s
Platform: windows7_x64
Resource: win7v20210408
Submitted: 11/05/2021, 15:16

Static task: static1
Behavioral task: behavioral1
Sample: a5c463db805e356cb6e73e5676b397eab265e061c6797.exe
Resource: win7v20210408
0 signatures, 0 seconds
General
Target: a5c463db805e356cb6e73e5676b397eab265e061c6797.exe
Size: 740KB
MD5: e458dc2ba9e161ea08ff8bebea2a469e
SHA1: 33c3d82ad1a6ae6025f3c6d7230b7182da4b0765
SHA256: a5c463db805e356cb6e73e5676b397eab265e061c6797e27b626b8b4aee892a3
SHA512: f798ec39f39ecff88ed5092751e4500f4f7542e74d4b4c118b1dd85c390186d00b543aa9f26d6baf1317993bd7ee360177eb32b5c698d0356be3bbf1cb7d9eb1
Malware Config
Extracted
Family: cryptbot
C2:
  remdvz22.top
  morjgs02.top
Attributes
payload_url: http://sulsxq03.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)
resource                                                                     yara_rule
behavioral1/memory/1828-61-0x0000000001D50000-0x0000000001E31000-memory.dmp  family_cryptbot
behavioral1/memory/1828-62-0x0000000000400000-0x00000000004E5000-memory.dmp  family_cryptbot

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                                  Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      a5c463db805e356cb6e73e5676b397eab265e061c6797.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  a5c463db805e356cb6e73e5676b397eab265e061c6797.exe