Analysis
Max time kernel: 6s
Max time network: 53s
Platform: windows7_x64
Resource: win7v20210410
Submitted: 25-07-2021 07:06
Static task: static1
Behavioral task: behavioral1
Sample: c3c559e832052bbf33f52f6f8b0ff086.exe
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
Target: c3c559e832052bbf33f52f6f8b0ff086.exe
Size: 701KB
MD5: c3c559e832052bbf33f52f6f8b0ff086
SHA1: 23477b75572d17b1d47b9670862aa174fb55d166
SHA256: 838edfe6cbf7b8fb1f0d3d99535f15ef22b651fa82a9f31a50c3cae435a0af0c
SHA512: 2a1e3e9676b103d23947b2271059f59f0bd71559071805f8650c6a27168016cff791ec3c7f2102740b1e1b9a6c5f34775a9a58d2ae3215f9bf386827d9da4583
Malware Config
Extracted
Family: cryptbot
C2:
  smauvo62.top
  mortuh06.top
Attributes
  payload_url: http://gurswi09.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)
Processes:
resource                                                                      yara_rule
behavioral1/memory/1140-60-0x00000000002D0000-0x00000000003B1000-memory.dmp   family_cryptbot
behavioral1/memory/1140-61-0x0000000000400000-0x0000000000919000-memory.dmp   family_cryptbot
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information, in particular the ProcessorNameString value, is often read so that a sample can recognise a virtualized or sandboxed host from the CPU brand string exposed by the hypervisor. Legitimate installers and telemetry read the same key, so on its own this is a weak signal; combined with the CryptBot YARA hits in the same process it is what makes the behaviour notable here.
Processes:
c3c559e832052bbf33f52f6f8b0ff086.exe
description         ioc                                                                                    process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      c3c559e832052bbf33f52f6f8b0ff086.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  c3c559e832052bbf33f52f6f8b0ff086.exe
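As an added example (editor's code, not part of the original report and not any sandbox vendor's code), the following Python parses IoC lines in the shape the two signatures above print them, the YARA memory-dump hits and the registry events, and flags the CentralProcessor reads as a CPU-fingerprinting check. The line formats are an assumption read off the report layout; the CurrentVersion registry event is constructed noise to show that unrelated key access is not flagged.

```python
"""Parse sandbox-report IoC lines (YARA memory hits and registry events) and
flag CentralProcessor registry reads of the kind reported above.

Added by the editor as a worked example; it is not part of the original report
and not a sandbox vendor's code. The line formats are assumed from how the
report prints its IoCs; the CurrentVersion event below is constructed noise.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Format of a YARA hit on a memory dump (assumed from the report):
#   <task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp <rule>
MEMORY_HIT_RE = re.compile(
    r"^(?P<task>[^/\s]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)

# Registry location a process reads to fingerprint the CPU. On virtualized hosts the
# name string often betrays the hypervisor (e.g. "QEMU Virtual CPU"), which is why
# sandbox-aware malware reads it. The usual ATT&CK mapping is T1082 / T1497
# (editor's note, not taken from the report).
CPU_KEY_PREFIX = "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\"
CPU_VALUE_NAMES = {"ProcessorNameString", "VendorIdentifier", "Identifier", "~MHz"}


@dataclass(frozen=True)
class MemoryHit:
    task: str
    pid: int
    seq: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        """Byte length of the dumped region."""
        return self.end - self.start


@dataclass(frozen=True)
class RegistryEvent:
    action: str     # "Key opened" or "Key value queried"
    path: str       # NT-style path; for a value query the value name is the last component
    process: str


@dataclass(frozen=True)
class Finding:
    process: str
    action: str
    path: str


def parse_memory_hit(line: str) -> Optional[MemoryHit]:
    """Return a MemoryHit for a well-formed line, None otherwise."""
    m = MEMORY_HIT_RE.match(line.strip())
    if m is None:
        return None
    return MemoryHit(m["task"], int(m["pid"]), int(m["seq"]),
                     int(m["start"], 16), int(m["end"], 16), m["rule"])


def is_cpu_fingerprint_access(event: RegistryEvent) -> bool:
    """True when the event opens the CentralProcessor key or queries one of its telltale values."""
    if not event.path.upper().startswith(CPU_KEY_PREFIX.upper()):
        return False
    if event.action == "Key opened":
        return True
    return event.path.rsplit("\\", 1)[-1] in CPU_VALUE_NAMES


def detect_cpu_fingerprinting(events: Iterable[RegistryEvent]) -> List[Finding]:
    """Keep only the registry events matching the sandbox-check pattern.

    One hit is a weak signal on its own (installers and telemetry read the same key);
    a process that also carries a family YARA hit in memory is the combination to alert on.
    """
    return [Finding(e.process, e.action, e.path) for e in events if is_cpu_fingerprint_access(e)]


def families_by_process(lines: Iterable[str]) -> dict:
    """Map PID -> set of YARA rule names that hit its memory."""
    out: dict = {}
    for line in lines:
        hit = parse_memory_hit(line)
        if hit is not None:
            out.setdefault(hit.pid, set()).add(hit.rule)
    return out


# Lines taken from the report above, plus one constructed benign event for contrast.
MEMORY_HITS = [
    "behavioral1/memory/1140-60-0x00000000002D0000-0x00000000003B1000-memory.dmp family_cryptbot",
    "behavioral1/memory/1140-61-0x0000000000400000-0x0000000000919000-memory.dmp family_cryptbot",
]
SAMPLE = "c3c559e832052bbf33f52f6f8b0ff086.exe"
REGISTRY_EVENTS = [
    RegistryEvent("Key opened", CPU_KEY_PREFIX + "0", SAMPLE),
    RegistryEvent("Key value queried", CPU_KEY_PREFIX + "0\\ProcessorNameString", SAMPLE),
    # constructed noise: an unrelated key open that must not be flagged
    RegistryEvent("Key opened", "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion", SAMPLE),
]

if __name__ == "__main__":
    for f in detect_cpu_fingerprinting(REGISTRY_EVENTS):
        print(f"{f.process}: {f.action} {f.path}")
    for pid, rules in families_by_process(MEMORY_HITS).items():
        print(f"pid {pid}: {', '.join(sorted(rules))}")
```

Run as a script it lists the two CentralProcessor events for the sample and the single family hit for PID 1140; the CurrentVersion event is dropped. Feeding real report exports through the same two functions gives the correlation an analyst actually wants: the processes that both read the CPU key and match a family rule in memory.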