Analysis

max time kernel:  123s
max time network: 124s
platform:         windows7_x64
resource:         win7v20210410
submitted:        14/05/2021, 17:02

Static task:      static1
Behavioral task:  behavioral1

Sample:     305df52e17cf7e129ece5188cd9bf51102fda9ac812d5.exe
Resource:   win7v20210410
Signatures: 0
Duration:   0 seconds
General

Target: 305df52e17cf7e129ece5188cd9bf51102fda9ac812d5.exe
Size:   716KB
MD5:    3edf30cca0e969d2ba512ffc73d77eb4
SHA1:   f6cc5083820a4897fbfb2890568691b12400fb59
SHA256: 305df52e17cf7e129ece5188cd9bf51102fda9ac812d597c3e29314b06e8b3b8
SHA512: e50bbe973b796c802a789d0463bad04274d5f81a10e327b731b2c8730d779fb4266a782e59b88d1e590f75038b297873a4ec112097a5873dde3e1e1dd006755e
Malware Config

Extracted
Family: cryptbot
C2:
  remeze52.top
  morhza05.top
Attributes:
  payload_url: http://suleqs07.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)

resource                                                                      yara_rule
behavioral1/memory/1088-61-0x00000000002F0000-0x00000000003D1000-memory.dmp   family_cryptbot
behavioral1/memory/1088-62-0x0000000000400000-0x00000000004E5000-memory.dmp   family_cryptbot

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.

description         ioc                                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                       305df52e17cf7e129ece5188cd9bf51102fda9ac812d5.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString   305df52e17cf7e129ece5188cd9bf51102fda9ac812d5.exe