Analysis
max time kernel: 8s
max time network: 13s
platform: windows7_x64
resource: win7v20210408
submitted: 15/05/2021, 10:32
Static task: static1
Behavioral task: behavioral1
Sample: ba15de0f65e1d9b9d7ed54603aed434676f2f0c8eb759.exe
Resource: win7v20210408
0 signatures
0 seconds
General
Target: ba15de0f65e1d9b9d7ed54603aed434676f2f0c8eb759.exe
Size: 708KB
MD5: 7de2d80e181ee60311d729f2b1fafc57
SHA1: 6579dab44c6619b6af86b57fcd160f9a1ffe7b54
SHA256: ba15de0f65e1d9b9d7ed54603aed434676f2f0c8eb759fd20c9cf44693abf786
SHA512: 48776b1226081f6892da57fae1437deaed37bc758f677693a258416a27bdf7690deaa3033cc66697fa88941d02673695751de97b23c63b04eee3f9c139f4e366
Malware Config
Extracted
Family: cryptbot
C2:
  remmzp62.top
  mortlk06.top
Attributes:
  payload_url: http://sullok09.top/download.php?file=lv.exe
Signatures
CryptBot Payload 2 IoCs
resource                                                                      yara_rule
behavioral1/memory/1028-61-0x00000000004F0000-0x00000000005D1000-memory.dmp   family_cryptbot
behavioral1/memory/1028-62-0x0000000000400000-0x00000000004E5000-memory.dmp   family_cryptbot
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                                  Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      ba15de0f65e1d9b9d7ed54603aed434676f2f0c8eb759.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  ba15de0f65e1d9b9d7ed54603aed434676f2f0c8eb759.exe