Analysis
max time kernel: 8s
max time network: 38s
platform: windows7_x64
resource: win7v20210408
submitted: 14/05/2021, 16:26

Static task: static1
Behavioral task: behavioral1
Sample: 305df52e17cf7e129ece5188cd9bf51102fda9ac812d5.exe
Resource: win7v20210408
0 signatures
0 seconds
General
Target: 305df52e17cf7e129ece5188cd9bf51102fda9ac812d5.exe
Size: 716KB
MD5: 3edf30cca0e969d2ba512ffc73d77eb4
SHA1: f6cc5083820a4897fbfb2890568691b12400fb59
SHA256: 305df52e17cf7e129ece5188cd9bf51102fda9ac812d597c3e29314b06e8b3b8
SHA512: e50bbe973b796c802a789d0463bad04274d5f81a10e327b731b2c8730d779fb4266a782e59b88d1e590f75038b297873a4ec112097a5873dde3e1e1dd006755e
Malware Config
Extracted
Family: cryptbot
C2:
  remeze52.top
  morhza05.top
Attributes
  payload_url: http://suleqs07.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)
resource | yara_rule
behavioral1/memory/1812-60-0x0000000001DB0000-0x0000000001E91000-memory.dmp | family_cryptbot
behavioral1/memory/1812-61-0x0000000000400000-0x00000000004E5000-memory.dmp | family_cryptbot

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 305df52e17cf7e129ece5188cd9bf51102fda9ac812d5.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 305df52e17cf7e129ece5188cd9bf51102fda9ac812d5.exe