Overview

overview

10

Static

static

704a4ebafd...7e.exe

windows7_x64

10

704a4ebafd...7e.exe

windows10_x64

10

Analysis

  • max time kernel
    9s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    25-05-2021 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    704a4ebafde59fed66cb4859f1645d7e.exe

  • Size

    770KB

  • MD5

    704a4ebafde59fed66cb4859f1645d7e

  • SHA1

    135a34a2eae7bf6b220a41dd5ae70f232f543bc1

  • SHA256

    01e0e8312ba9622a57dfbf40615513bf2a01c38d9fba806e1bc9c08364b2041f

  • SHA512

    11b92a4838a70e6272874d12d3561d6c7218771d21b0bb319e0e30621be492be5510850bbbfc34aa03d6c963657277a3e535f000ab141a71100d3711a8112c07

Score
10/10
cryptbotspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

geocnq22.top

moreok02.top
Attributes
  • payload_url

    http://rogmzx03.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • CryptBot Payload 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\704a4ebafde59fed66cb4859f1645d7e.exe
    "C:\Users\Admin\AppData\Local\Temp\704a4ebafde59fed66cb4859f1645d7e.exe"
    1⤵
    • Checks processor information in registry
    PID:520

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/520-60-0x0000000075891000-0x0000000075893000-memory.dmp

    Filesize

    8KB

    Download

  • memory/520-61-0x00000000004F0000-0x00000000005D1000-memory.dmp

    Filesize

    900KB

    Download

  • memory/520-62-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB

    Download