Analysis

  • max time kernel: 122s
  • max time network: 154s
  • platform: windows7_x64
  • resource: win7v20210408
  • submitted: 08-06-2021 09:12

General

  • Target: b459692e802efcbc858497ef0d54eb5f30d2ae75e703d.exe
  • Size: 716KB
  • MD5: 4d8805c5c4e7197d6b90b5ec1827c068
  • SHA1: bde56cd30d7866925626ba14c01528150c9ab8a5
  • SHA256: b459692e802efcbc858497ef0d54eb5f30d2ae75e703d4cb85ce29d895adc911
  • SHA512: c4d4ea665f96f1efb8e0218fb64f1c4f375d3faeebdb935b60867f65f55bf18cd96f6a7aa0ea5758144607f8270ac66a718342cb1e78e8442fd1cdcd116ebe44

Malware Config

Extracted

  • Family: cryptbot
  • C2:
    olmrso12.top
    morleg01.top
  • Attributes
    payload_url: http://vamgha01.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

  • CryptBot Payload (2 IoCs)
  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b459692e802efcbc858497ef0d54eb5f30d2ae75e703d.exe
    "C:\Users\Admin\AppData\Local\Temp\b459692e802efcbc858497ef0d54eb5f30d2ae75e703d.exe"
    • Checks processor information in registry
    PID:1920

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1920-60-0x0000000076691000-0x0000000076693000-memory.dmp
    Filesize: 8KB
  • memory/1920-61-0x0000000001D60000-0x0000000001E41000-memory.dmp
    Filesize: 900KB
  • memory/1920-62-0x0000000000400000-0x00000000004E5000-memory.dmp
    Filesize: 916KB