Analysis

Max time kernel: 7s
Max time network: 39s
Platform: windows7_x64
Resource: win7v20210408
Submitted: 14/05/2021, 07:02

Static task: static1
Behavioral task: behavioral1
Sample: 2da5f09b58088a8e3a3ffa45d1f5f5d9.exe
Resource: win7v20210408
0 signatures
0 seconds
General

Target: 2da5f09b58088a8e3a3ffa45d1f5f5d9.exe
Size: 771KB
MD5: 2da5f09b58088a8e3a3ffa45d1f5f5d9
SHA1: 3086e2a39dd09b0c8f2a9e9e8a471555f417e0e4
SHA256: 3fbbe701191020522bf1488b4015d325f38c46acd07456de0cd8f4035f1ed170
SHA512: 0cf11a5556069e78aac01f4281507a71186d997790b902e0378342930db44bc9403c422ab0ae73634b695cef3a164baca0b45dbea7c95202072ea314b94704b6
Malware Config

Extracted
Family: cryptbot
C2:
  remkoy32.top
  morkqz03.top
Attributes:
  payload_url: http://sulejx04.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)
resource | yara_rule
behavioral1/memory/652-60-0x00000000021C0000-0x00000000022A1000-memory.dmp | family_cryptbot
behavioral1/memory/652-61-0x0000000000400000-0x00000000008B9000-memory.dmp | family_cryptbot

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 2da5f09b58088a8e3a3ffa45d1f5f5d9.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 2da5f09b58088a8e3a3ffa45d1f5f5d9.exe