Analysis

  • max time kernel
    10s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    22-05-2021 05:46

General

  • Target

    f086aac3b541fd80290683eda414af10.exe

  • Size

    768KB

  • MD5

    f086aac3b541fd80290683eda414af10

  • SHA1

    16b402b8eade2b0b96a31294b891e3d4d71da3a0

  • SHA256

    8b8a48214f0d0d1a9e210e5f871cc5f608ccb48b6079ec4bcdd5538adbd8d8f2

  • SHA512

    192b3dd78ea297722a14ea6d12ba06a77a2d3841360abe743f29316a54caed487a065faba7bcb331068ab13768ecfa3957ebd658d0d13f6cb8ea52d2ffb86b6d

Malware Config

Extracted

  • Family

    cryptbot

  • C2

    soggdx52.top
    moratr05.top

  • Attributes

    payload_url: http://douydw07.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

  • CryptBot Payload (2 IoCs)
  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f086aac3b541fd80290683eda414af10.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\f086aac3b541fd80290683eda414af10.exe"
    PID: 1936
    Behaviour: Checks processor information in registry

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1936-60-0x0000000075201000-0x0000000075203000-memory.dmp

    Filesize

    8KB

  • memory/1936-61-0x0000000000240000-0x0000000000321000-memory.dmp

    Filesize

    900KB

  • memory/1936-62-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB