Analysis
max time kernel: 9s
max time network: 40s
platform: windows7_x64
resource: win7v20210410
submitted: 12-06-2021 05:40
Static task: static1
Behavioral task: behavioral1
Sample: 15e5952202554ed8763ed95daae3c8ee.exe
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
Target: 15e5952202554ed8763ed95daae3c8ee.exe
Size: 777KB
MD5: 15e5952202554ed8763ed95daae3c8ee
SHA1: fb20fa228cdb807f243a44563deae85ecd99360b
SHA256: a3dc572a998763e1e8c80ce608fdd06faebe9139648bc3c2f65e58ea6a4c483e
SHA512: e650a303092caaed9607f2583ee48d0a82dbee11ae220c1b86994ba2cc04dcb43f398d78247fcd174875226480dabab8fcbc5d497c06998654f95b7b62a8a075
Malware Config
Extracted
Family: cryptbot
C2:
  olmsgv52.top
  morika05.top
Attributes:
  payload_url: http://vamhgx07.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)
Processes:
  resource                                                                    yara_rule
  behavioral1/memory/1652-60-0x0000000001CC0000-0x0000000001DA1000-memory.dmp  family_cryptbot
  behavioral1/memory/1652-61-0x0000000000400000-0x00000000004E5000-memory.dmp  family_cryptbot

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: 15e5952202554ed8763ed95daae3c8ee.exe
  description        ioc                                                                           process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                     15e5952202554ed8763ed95daae3c8ee.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  15e5952202554ed8763ed95daae3c8ee.exe