Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
19-05-2021 10:30
Static task
static1
Behavioral task
behavioral1
Sample
549a131665d0230870272c99660fb149e3854345882d9.exe
Resource
win7v20210408
0 signatures
0 seconds
General
-
Target
549a131665d0230870272c99660fb149e3854345882d9.exe
-
Size
728KB
-
MD5
94b760e4a94c01825f38455188713f63
-
SHA1
a089a3063781346b9196a6ec29d38d2cff3abd77
-
SHA256
549a131665d0230870272c99660fb149e3854345882d9bb76f1945cd0bf647d5
-
SHA512
26beca0028ea78015bcdab59e67fce4cacdd13dbf0e975a2d610736e537d7daac23176ed82cac5c2c0592454f363bd34d8a3900c2d25d39174e7451d74e73f19
Malware Config
Extracted
Family
cryptbot
C2
sogkys22.top
morlux02.top
Attributes
-
payload_url
http://douwkw02.top/download.php?file=lv.exe
Signatures
-
CryptBot Payload 2 IoCs
Processes:
resource yara_rule behavioral1/memory/1828-61-0x0000000001DC0000-0x0000000001EA1000-memory.dmp family_cryptbot behavioral1/memory/1828-62-0x0000000000400000-0x00000000004E5000-memory.dmp family_cryptbot -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
549a131665d0230870272c99660fb149e3854345882d9.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 549a131665d0230870272c99660fb149e3854345882d9.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 549a131665d0230870272c99660fb149e3854345882d9.exe