Analysis
max time kernel: 5s
max time network: 8s
platform: windows7_x64
resource: win7v20210410
submitted: 14/05/2021, 01:23

Static task: static1
Behavioral task: behavioral1
Sample: a5c463db805e356cb6e73e5676b397eab265e061c6797e27b626b8b4aee892a3.exe
Resource: win7v20210410
0 signatures
0 seconds
General
Malware Config
Extracted
Family: cryptbot
C2:
  remdvz22.top
  morjgs02.top
Attributes:
  payload_url: http://sulsxq03.top/download.php?file=lv.exe
Signatures
CryptBot Payload 2 IoCs
resource                                                                     yara_rule
behavioral1/memory/788-60-0x00000000004F0000-0x00000000005D1000-memory.dmp   family_cryptbot
behavioral1/memory/788-61-0x0000000000400000-0x00000000004E5000-memory.dmp   family_cryptbot
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                                  Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      a5c463db805e356cb6e73e5676b397eab265e061c6797e27b626b8b4aee892a3.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  a5c463db805e356cb6e73e5676b397eab265e061c6797e27b626b8b4aee892a3.exe