Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    01-06-2021 06:04

General

  • Target

    1298b62fc3c9668e95a2d8af5f3c227afa87083c3e614.exe

  • Size

    802KB

  • MD5

    58fe2c2a4e7bdf9a1ea96b7e9242fcf1

  • SHA1

    660d25a37871b8e05ded2e0ed2c3b0173d2948bb

  • SHA256

    1298b62fc3c9668e95a2d8af5f3c227afa87083c3e614d48d01d01509316c3ec

  • SHA512

    5024038a6f0978e28eb5f8a8f58528147f0f61391553113af85809634b4e08cec89480f4654c69a5241905c89006eea351ad79f746b3842d97912851b0ac7724

Malware Config

Extracted

Family

cryptbot

C2

nimicw12.top

morqli01.top

Attributes
  • payload_url

    http://noirgf01.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer that is widely distributed bundled with other software.

  • CryptBot Payload 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1298b62fc3c9668e95a2d8af5f3c227afa87083c3e614.exe
    "C:\Users\Admin\AppData\Local\Temp\1298b62fc3c9668e95a2d8af5f3c227afa87083c3e614.exe"
    • Checks processor information in registry
    PID:1748

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1748-59-0x00000000757E1000-0x00000000757E3000-memory.dmp

    Filesize

    8KB

  • memory/1748-60-0x0000000001DD0000-0x0000000001EB1000-memory.dmp

    Filesize

    900KB

  • memory/1748-61-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB