Analysis

max time kernel: 119s
max time network: 121s
platform: windows7_x64
resource: win7v20210410
submitted: 03-06-2021 23:50

Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Troj.Kryptik-TR.832.4367.exe
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General

Target: SecuriteInfo.com.Troj.Kryptik-TR.832.4367.exe
Size: 746KB
MD5: 8d93b4ca20dea336647b556294a36ab4
SHA1: f4c3c4e89f53676b7b88280fdf37dba5a237d047
SHA256: 8a76004d1a369fe370c6427a17869a59844c131ac485ac7577a41df8f61d13f9
SHA512: 8afbe6e21fda9c43ac2337bfc45cf1a3867cd4dd48e076584f23b24ed25908b7d057ae6a824929aabebc98d4832585b329e285045b2eea449f1509f19b91c2e6
Malware Config

Extracted
Family: cryptbot
C2: nimvsw42.top, morpwz04.top

Attributes
payload_url: http://noirsb05.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)
Processes:
resource | yara_rule
behavioral1/memory/1104-61-0x0000000001CD0000-0x0000000001DB1000-memory.dmp | family_cryptbot
behavioral1/memory/1104-62-0x0000000000400000-0x00000000004E5000-memory.dmp | family_cryptbot

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | SecuriteInfo.com.Troj.Kryptik-TR.832.4367.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | SecuriteInfo.com.Troj.Kryptik-TR.832.4367.exe