Overview

overview

10

Static

static

33a16e2862...c4.exe

windows7_x64

10

33a16e2862...c4.exe

windows10_x64

10

Analysis

  • max time kernel
    4s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    15-07-2021 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33a16e2862754c9f4bc6711a4517dac4.exe

  • Size

    676KB

  • MD5

    33a16e2862754c9f4bc6711a4517dac4

  • SHA1

    841aa45a975c073ed25627fba062bad741de97cc

  • SHA256

    df85a38611751933558ef9e7da81e81025ffc5e5e92cedaf4d97fb0b9f147422

  • SHA512

    b1b34246d33cf916a4b5d4899a46139be4d3ac4aaa2279080e92e4e5090670902a42dccbcf90a382ddafda4449e8ba3da3b52e11c7ff859744e88f13b82913ba

Score
10/10
cryptbotspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

wymbdu42.top

morkus04.top
Attributes
  • payload_url

    http://hofiwb05.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • CryptBot Payload 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\33a16e2862754c9f4bc6711a4517dac4.exe
    "C:\Users\Admin\AppData\Local\Temp\33a16e2862754c9f4bc6711a4517dac4.exe"
    1⤵
    • Checks processor information in registry
    PID:1084

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1084-59-0x00000000752F1000-0x00000000752F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1084-60-0x00000000023A0000-0x0000000002471000-memory.dmp

    Filesize

    836KB

    Download

  • memory/1084-61-0x0000000000400000-0x0000000000A24000-memory.dmp

    Filesize

    6.1MB

    Download