Analysis
max time kernel: 3s
max time network: 46s
platform: windows7_x64
resource: win7v20210410
submitted: 15-07-2021 09:49

Static task: static1
Behavioral task: behavioral1
Sample: 58fa567894c7dc28d2b7f0d7f3886512.exe
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
Target: 58fa567894c7dc28d2b7f0d7f3886512.exe
Size: 721KB
MD5: 58fa567894c7dc28d2b7f0d7f3886512
SHA1: d8b23608392d87729b6512046f926d83ec27ffd1
SHA256: 7e19416205cfb8e056d4628bdeb635e29cefba04fcb21ee55e7b0077427e4c99
SHA512: a3e45bb8656c53ae0af2a06363013b0379f7370418013ed83d48d4a8af4f70ac0f50ecbb02287480d3f79dd1c5e12e3949e44adf071d03cf4409f6e40592d5b2
Malware Config
Extracted
Family: cryptbot
C2:
wymbhy32.top
moriue03.top
Attributes
payload_url: http://hofxuo04.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)
Processes:
resource: behavioral1/memory/1104-60-0x0000000002200000-0x00000000022D1000-memory.dmp  yara_rule: family_cryptbot
resource: behavioral1/memory/1104-61-0x0000000000400000-0x0000000000A20000-memory.dmp  yara_rule: family_cryptbot

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: 58fa567894c7dc28d2b7f0d7f3886512.exe
description: Key opened  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0  process: 58fa567894c7dc28d2b7f0d7f3886512.exe
description: Key value queried  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  process: 58fa567894c7dc28d2b7f0d7f3886512.exe