Analysis
max time kernel: 9s
max time network: 12s
platform: windows7_x64
resource: win7v20210408
submitted: 20-06-2021 22:31

Static task: static1
Behavioral task: behavioral1
Sample: 58e5562209d50978efd614dd040ef4ca.exe
Resource: win7v20210408 (windows7_x64)
0 signatures, 0 seconds
General
Target: 58e5562209d50978efd614dd040ef4ca.exe
Size: 764KB
MD5: 58e5562209d50978efd614dd040ef4ca
SHA1: d225a1f15ac4f8b96be737b3905f050fc2dc3a31
SHA256: 530656ad87a4e5c0f07998323ebca34348af7c7a2e585196f2d0c73580832e36
SHA512: 4ecc904931853d5f9611e376cac01f018734e6fefee78b005b2f342f1f0750d31859831fdbc99bdbce0e5578c29a90f655dabd14beb4d747879c3a2529491c6f
Malware Config
Extracted
Family: cryptbot
C2:
kiykae72.top
morgon07.top
Attributes
payload_url: http://peomyn10.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)
resource | yara_rule
behavioral1/memory/1824-60-0x0000000002250000-0x0000000002331000-memory.dmp | family_cryptbot
behavioral1/memory/1824-61-0x0000000000400000-0x000000000095D000-memory.dmp | family_cryptbot
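The two memory-dump resource names above encode which process and which virtual address range matched the family_cryptbot rule, which is what decides which dump to pull first for the unpacked payload. The Python below is an added example, not part of the sandbox report or its tooling. It assumes the naming scheme {task}/memory/{pid}-{index}-{start}-{end}-memory.dmp read off the two rows, and the rule "a region starting at 0x400000 is the main image unpacked in place" is a heuristic assumed here, not something the report states.

```python
"""Decode memory-dump resource names from a sandbox report into
(pid, index, start, end) and pick the dump to examine first.

Added example; the naming scheme and the 0x400000 heuristic are assumptions.
"""
import re
from dataclasses import dataclass

# Assumed scheme: {task}/memory/{pid}-{index}-{start}-{end}-memory.dmp
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpHit:
    task: str
    pid: int
    index: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def looks_like_main_image(self) -> bool:
        # 0x400000 is the default image base of a 32-bit PE without ASLR; a
        # matching dump starting there is usually the main module after it
        # unpacked itself in place (heuristic, assumed).
        return self.start == 0x400000


def parse_hit(resource: str, rule: str) -> DumpHit:
    m = DUMP_RE.match(resource)
    if not m:
        raise ValueError(f"unrecognised resource name: {resource}")
    return DumpHit(task=m["task"], pid=int(m["pid"]), index=int(m["idx"]),
                   start=int(m["start"], 16), end=int(m["end"], 16), rule=rule)


# The two rows of this report's CryptBot Payload table.
REPORT_HITS = [
    ("behavioral1/memory/1824-60-0x0000000002250000-0x0000000002331000-memory.dmp",
     "family_cryptbot"),
    ("behavioral1/memory/1824-61-0x0000000000400000-0x000000000095D000-memory.dmp",
     "family_cryptbot"),
]


def summarise(rows):
    """Parse every (resource, rule) row and order hits by start address."""
    hits = [parse_hit(resource, rule) for resource, rule in rows]
    hits.sort(key=lambda h: h.start)
    return hits


def pick_unpack_candidate(hits):
    """Prefer the region at the image base; otherwise take the largest region."""
    for h in hits:
        if h.looks_like_main_image:
            return h
    return max(hits, key=lambda h: h.size)


if __name__ == "__main__":
    hits = summarise(REPORT_HITS)
    for h in hits:
        print(f"pid {h.pid} dump #{h.index}: {h.start:#x}-{h.end:#x} "
              f"({h.size:#x} bytes) {h.rule}")
    print("examine first: dump #", pick_unpack_candidate(hits).index)
```

Dump 61 covers 0x400000-0x95D000 (0x55D000 bytes) and is the in-place image; dump 60 is a separate 0xE1000-byte region at 0x2250000, which is where a loader typically stages the decrypted payload before copying it over the image.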
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read to detect sandbox environments: ProcessorNameString exposes the CPU model the hypervisor reports (QEMU's default, for example, names itself "QEMU Virtual CPU"), and counting the CentralProcessor subkeys exposes the core count. On its own this is a weak indicator, since installers and inventory tools read the same value; weigh it together with the CryptBot YARA hits above.
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 58e5562209d50978efd614dd040ef4ca.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 58e5562209d50978efd614dd040ef4ca.exe
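The registry events above are the raw material for a detection: flag a process that queries ProcessorNameString under CentralProcessor\0 unless it is a known inventory tool. The Python below is an added example, not part of the sandbox report. The event lines follow the report's own three-column shape (description, registry path, process); SAMPLE_EVENTS is constructed, with two lines copied from the report and the rest invented for contrast. The allowlist and the hypervisor CPU-name markers are assumptions (the report does not show what this sample compares the value against).

```python
"""Detection over registry-access events of the kind listed in the report.

Added example, not part of the sandbox report. ALLOWLIST and VM_CPU_MARKERS
are assumptions; SAMPLE_EVENTS is constructed.
"""
import re
from collections import defaultdict

SAMPLE_EVENTS = r"""
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 58e5562209d50978efd614dd040ef4ca.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 58e5562209d50978efd614dd040ef4ca.exe
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run explorer.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString wmiprvse.exe
"""

EVENT_RE = re.compile(
    r"^(?P<action>Key opened|Key value queried|Key value set)\s+"
    r"(?P<path>\\REGISTRY\\\S+)\s+(?P<process>\S+)$"
)

CPU0_KEY = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0"

# Processes expected to read CPU details routinely (assumed allowlist; tune
# it to your own baseline).
ALLOWLIST = {"wmiprvse.exe", "msinfo32.exe"}

# Substrings a sandbox-aware sample typically looks for in ProcessorNameString
# (assumed; the report does not show what this sample compares against).
VM_CPU_MARKERS = ("qemu virtual cpu", "common kvm processor", "virtual cpu")


def parse_events(text):
    """Return (action, path, process) tuples; lines that are not events are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m["action"], m["path"], m["process"].lower()))
    return events


def cpu_probe_report(events):
    """Map process -> set of value names it queried under CentralProcessor\\0."""
    probes = defaultdict(set)
    prefix = CPU0_KEY.lower() + "\\"
    for action, path, proc in events:
        if action == "Key value queried" and path.lower().startswith(prefix):
            probes[proc].add(path.rsplit("\\", 1)[1])
    return dict(probes)


def suspicious_processes(events, allowlist=ALLOWLIST):
    """Processes that read ProcessorNameString and are not on the allowlist."""
    return sorted(
        proc for proc, values in cpu_probe_report(events).items()
        if "ProcessorNameString" in values and proc not in allowlist
    )


def is_vm_cpu_name(name_string):
    """True if a CPU name string reads like a hypervisor-supplied model."""
    lowered = name_string.lower()
    return any(marker in lowered for marker in VM_CPU_MARKERS)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("CPU probes:", cpu_probe_report(evs))
    print("flagged:", suspicious_processes(evs))
    print("sandbox-looking CPU name:", is_vm_cpu_name("QEMU Virtual CPU version 2.5+"))
```

Run against the constructed events, only the sample binary is flagged; wmiprvse.exe reads the same value but is allowlisted. The is_vm_cpu_name helper is the other side of the same check: it shows why a sandbox that passes the host CPU model string through (as VMware and VirtualBox do by default) survives this probe while a default QEMU/KVM guest does not.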