Overview

overview

10

Static

static

ec36989321...fd.exe

windows7_x64

10

ec36989321...fd.exe

windows10_x64

10

Analysis

  • max time kernel
    3s
  • max time network
    55s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    15-07-2021 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec36989321fb62bb857a24a53d1491fd.exe

  • Size

    694KB

  • MD5

    ec36989321fb62bb857a24a53d1491fd

  • SHA1

    28de531b6da8f80b0452c109dcf30bc1efee23f9

  • SHA256

    eb4e54c1372f7002b2b49a9918e67f84d65e52f1b12c5b7313420a48d5305e41

  • SHA512

    e71009f296d2b9cb07c6a30fe0798db527aa756177478116b53067e8b55ae17d2ebdb7b4ecb9587fe052d424fa643e9bf3ecd0821d613a0545f8546702c722b7

Score
10/10
cryptbotspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

wymbdu42.top

morkus04.top
Attributes
  • payload_url

    http://hofiwb05.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • CryptBot Payload 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec36989321fb62bb857a24a53d1491fd.exe
    "C:\Users\Admin\AppData\Local\Temp\ec36989321fb62bb857a24a53d1491fd.exe"
    1⤵
    • Checks processor information in registry
    PID:1644

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1644-59-0x00000000766D1000-0x00000000766D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1644-60-0x0000000000A30000-0x0000000000B01000-memory.dmp

    Filesize

    836KB

    Download

  • memory/1644-61-0x0000000000400000-0x0000000000A28000-memory.dmp

    Filesize

    6.2MB

    Download