Analysis

  • max time kernel
    120s
  • max time network
    172s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    06-06-2021 07:02

General

  • Target

    e78d09e4b3b67ee6daa67a2e56af5f86.exe

  • Size

    706KB

  • MD5

    e78d09e4b3b67ee6daa67a2e56af5f86

  • SHA1

    cbf392057b31e7a9efb2ac0a3de150997eff6367

  • SHA256

    ca466b470e363aed1f3cf597e060862335d22bf6919bc7e9518fbe80f3631f15

  • SHA512

    c4c49b320537b3eaa6d49d56b008db123c04cf99fb1be87b9f5d682839abb717946526f5d3bd35551b3921732dcd5454b4f773e4f351e98942ced5f19cf31e80

Malware Config

Extracted

Family

cryptbot

C2

nimtcg62.top

morvqk06.top

Attributes
  • payload_url

    http://noirym08.top/download.php?file=lv.exe
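The extracted config gives three network IoCs: the two C2 domains and the payload host in the download URL. The following Python is an added example (not part of the sandbox report) that matches those IoCs against DNS and proxy log lines; the log lines and their layout are constructed for the example, and the domain match is exact-or-subdomain rather than substring so look-alike names such as notnimtcg62.top are not flagged.

```python
"""Match the CryptBot C2 domains and payload URL from the extracted config
against sample DNS and proxy logs.  Added example; the log lines below are
constructed, not captured from the sandbox run."""
from urllib.parse import urlparse

# IoCs taken from the extracted config on this page.
C2_DOMAINS = {"nimtcg62.top", "morvqk06.top"}
PAYLOAD_URL = "http://noirym08.top/download.php?file=lv.exe"
PAYLOAD_HOST = urlparse(PAYLOAD_URL).hostname  # noirym08.top

# Constructed sample logs in a simple "timestamp client ..." layout
# (assumed format; adapt the split() below to your resolver/proxy).
DNS_LOG = """\
2021-06-06T07:02:11Z 10.0.0.5 query A nimtcg62.top
2021-06-06T07:02:11Z 10.0.0.5 query A www.example.com
2021-06-06T07:02:12Z 10.0.0.7 query A MORVQK06.TOP.
2021-06-06T07:02:13Z 10.0.0.5 query A notnimtcg62.top
"""
PROXY_LOG = """\
2021-06-06T07:02:14Z 10.0.0.5 GET http://noirym08.top/download.php?file=lv.exe 200
2021-06-06T07:02:15Z 10.0.0.9 GET http://noirym08.top/download.php?file=other.exe 404
2021-06-06T07:02:16Z 10.0.0.5 GET https://www.example.com/ 200
"""


def normalize_domain(name: str) -> str:
    """Lower-case and strip the trailing dot so 'MORVQK06.TOP.' matches."""
    return name.strip().lower().rstrip(".")


def domain_matches(name: str, iocs) -> bool:
    """True if name equals an IoC or is a subdomain of one.

    A plain substring test would also flag notnimtcg62.top; requiring the
    label boundary ('.' + ioc) avoids that false positive."""
    d = normalize_domain(name)
    return any(d == ioc or d.endswith("." + ioc) for ioc in iocs)


def scan_dns(log: str):
    """Return (timestamp, client, domain) for queries to a C2 domain."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, client, _, _, qname = parts[:5]
        if domain_matches(qname, C2_DOMAINS):
            hits.append((ts, client, normalize_domain(qname)))
    return hits


def scan_proxy(log: str):
    """Return (timestamp, client, kind) where kind is 'payload_url' for the
    exact download URL and 'ioc_host' for any other request to an IoC host."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, _, url = parts[:4]
        host = urlparse(url).hostname or ""
        if url == PAYLOAD_URL:
            hits.append((ts, client, "payload_url"))
        elif domain_matches(host, {PAYLOAD_HOST} | C2_DOMAINS):
            hits.append((ts, client, "ioc_host"))
    return hits


if __name__ == "__main__":
    for hit in scan_dns(DNS_LOG) + scan_proxy(PROXY_LOG):
        print(*hit)
```

The exact payload URL is reported separately from the host because the download path and the `file=` parameter may rotate while the host stays the same; a hit on the host alone is still worth triage, but the full URL is the stronger indicator.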

Signatures

  • CryptBot

    A C++ stealer that is widely distributed bundled with other software.

  • CryptBot Payload (2 IoCs)
  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.
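The report does not say which registry path triggered this signature. The Python below is an added example (not part of the report or of the sandbox's own rule) that flags processes reading processor information from the registry; it assumes the reads land under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor, where Windows exposes ProcessorNameString, VendorIdentifier and ~MHz, and the events are constructed in Procmon's CSV-export column layout with the PID taken from the process list on this page.

```python
"""Flag processes that read processor information from the registry, the
behaviour behind the "Checks processor information in registry" signature.
Added example; the events below are constructed in Procmon CSV-export
layout and are not from the sandbox run."""
import csv
import io
from collections import defaultdict

# Assumption: the signature corresponds to reads under this key.
CPU_KEY_PREFIX = r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor"
# Only read-type operations count; writing here is a different behaviour.
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegQueryKey", "RegEnumKey"}

# Constructed sample events (not captured from the sandbox run).
PROCMON_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:02:31.1","e78d09e4b3b67ee6daa67a2e56af5f86.exe","1048","RegOpenKey","HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","SUCCESS","Desired Access: Read"
"7:02:31.1","e78d09e4b3b67ee6daa67a2e56af5f86.exe","1048","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString","SUCCESS","Type: REG_SZ"
"7:02:31.2","e78d09e4b3b67ee6daa67a2e56af5f86.exe","1048","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~MHz","SUCCESS","Type: REG_DWORD"
"7:02:32.0","explorer.exe","1212","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","SUCCESS","Type: REG_DWORD"
"7:02:32.4","e78d09e4b3b67ee6daa67a2e56af5f86.exe","1048","RegSetValue","HKCU\\Software\\Test","SUCCESS","Type: REG_SZ"
'''


def parse_events(text: str):
    """Parse Procmon CSV rows into dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))


def is_cpu_info_read(ev: dict) -> bool:
    """True for a read-type operation on a path under the CPU key."""
    return (ev["Operation"] in READ_OPS
            and ev["Path"].upper().startswith(CPU_KEY_PREFIX.upper()))


def find_cpu_info_readers(text: str):
    """Return {(process name, pid): [paths read]} for matching processes."""
    hits = defaultdict(list)
    for ev in parse_events(text):
        if is_cpu_info_read(ev):
            hits[(ev["Process Name"], int(ev["PID"]))].append(ev["Path"])
    return dict(hits)


if __name__ == "__main__":
    for (name, pid), paths in find_cpu_info_readers(PROCMON_CSV).items():
        print(f"{name} (PID {pid}) read {len(paths)} CPU-info value(s):")
        for p in paths:
            print("   ", p)
```

Treat a hit as a triage hint rather than a verdict: plenty of legitimate software reads these values, which is why the report records this as a signature with TTPs and IoCs alongside the CryptBot payload match rather than as a detection on its own.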

Processes

  • C:\Users\Admin\AppData\Local\Temp\e78d09e4b3b67ee6daa67a2e56af5f86.exe
    "C:\Users\Admin\AppData\Local\Temp\e78d09e4b3b67ee6daa67a2e56af5f86.exe"
    • Checks processor information in registry
    PID:1048

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1048-60-0x0000000075591000-0x0000000075593000-memory.dmp

    Filesize

    8KB

  • memory/1048-61-0x0000000000300000-0x00000000003E1000-memory.dmp

    Filesize

    900KB

  • memory/1048-62-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB