Analysis
- max time kernel: 9s
- max time network: 15s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 27-07-2021 16:06

Static task: static1
Behavioral task: behavioral1
Sample: 3aa1f98b275f4e2d8febb9e4478c5524.exe
Resource: win7v20210408 (windows7_x64)
0 signatures, 0 seconds
General
- Target: 3aa1f98b275f4e2d8febb9e4478c5524.exe
- Size: 758KB
- MD5: 3aa1f98b275f4e2d8febb9e4478c5524
- SHA1: 112cdacb64629da494eee7cac8b3a7b606e78bfe
- SHA256: 07efd513a02e8c30296f7b73488d9a74796849787df14af028266cd79c89d51f
- SHA512: b7ca79b24281d0b94668ec8812a725f5c084efd9901c353aafd51d76055e708bc66302367c0b4ebb4546b4f314983bb6160a5ba507b4601513d19e8aa6b11130
Malware Config
Extracted
- Family: cryptbot
- C2:
  - ewaisg12.top
  - morvay01.top
- Attributes:
  - payload_url: http://winezo01.top/download.php?file=lv.exe
Signatures
- CryptBot Payload (2 IoCs)
  Processes:
  resource | yara_rule
  behavioral1/memory/1028-62-0x0000000000400000-0x00000000004E5000-memory.dmp | family_cryptbot
  behavioral1/memory/1028-61-0x0000000001D50000-0x0000000001E31000-memory.dmp | family_cryptbot
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information (here the ProcessorNameString value under CentralProcessor\0) is often read to detect sandboxed or virtualized environments, since hypervisors and analysis VMs frequently expose recognisable CPU names. The same key is also read by plenty of legitimate software, so on its own this is a weak signal; it carries weight here because it comes from the same process whose memory matched the CryptBot rule above.
  Processes: 3aa1f98b275f4e2d8febb9e4478c5524.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 3aa1f98b275f4e2d8febb9e4478c5524.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 3aa1f98b275f4e2d8febb9e4478c5524.exe
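The two signature tables above use a compact IoC notation: memory-dump IoCs encode task, PID, sequence number and the dumped virtual address range in the file name, and registry IoCs are a free-text "operation, key path, process" triple. The following Python is an added example (not part of the sandbox report or of any analysis tool it was produced by) that parses both forms and applies the two checks the report describes: which PIDs had a region matching the family_cryptbot rule, and which processes touched the CentralProcessor subtree. The input lines are copied from the report; the third registry line is a constructed benign access added for contrast. Regex shapes, class names and the PROCESSOR_KEY prefix are this example's assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample input. The memory lines and the first two registry lines
# are the IoCs from the report above; the last registry line is a constructed
# benign access that is NOT in the report, included so the filter has something
# to reject.
MEMORY_IOCS = [
    "behavioral1/memory/1028-62-0x0000000000400000-0x00000000004E5000-memory.dmp family_cryptbot",
    "behavioral1/memory/1028-61-0x0000000001D50000-0x0000000001E31000-memory.dmp family_cryptbot",
]
REGISTRY_IOCS = [
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 3aa1f98b275f4e2d8febb9e4478c5524.exe",
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 3aa1f98b275f4e2d8febb9e4478c5524.exe",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion 3aa1f98b275f4e2d8febb9e4478c5524.exe",
]

# Assumed line shapes, derived from the report's own IoC lines.
MEMORY_RE = re.compile(
    r"^(?P<task>[^/\s]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)
REGISTRY_RE = re.compile(
    r"^Key (?P<op>value queried|opened)\s+(?P<path>\\\S+)\s+(?P<proc>\S+)$"
)

# Registry subtree whose reads the report's signature treats as a sandbox probe
# (assumed prefix; both IoCs in the report fall under it).
PROCESSOR_KEY = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor"


@dataclass(frozen=True)
class MemoryHit:
    task: str
    pid: int
    seq: int
    start: int  # virtual address of the dumped region
    end: int
    rule: str   # YARA rule name that matched the region

    @property
    def size(self) -> int:
        return self.end - self.start


@dataclass(frozen=True)
class RegistryEvent:
    op: str
    path: str
    process: str


def parse_memory_ioc(line: str) -> Optional[MemoryHit]:
    """Parse one memory-dump IoC line; returns None for lines of another shape."""
    m = MEMORY_RE.match(line.strip())
    if not m:
        return None
    return MemoryHit(m["task"], int(m["pid"]), int(m["seq"]),
                     int(m["start"], 16), int(m["end"], 16), m["rule"])


def parse_registry_ioc(line: str) -> Optional[RegistryEvent]:
    """Parse one 'Key <op> <path> <process>' IoC line."""
    m = REGISTRY_RE.match(line.strip())
    if not m:
        return None
    return RegistryEvent(m["op"], m["path"], m["proc"])


def is_processor_probe(ev: RegistryEvent) -> bool:
    # Case-insensitive prefix match: covers the key open on CentralProcessor\0
    # as well as the ProcessorNameString value query beneath it.
    return ev.path.lower().startswith(PROCESSOR_KEY.lower())


def cryptbot_pids(lines: Iterable[str]) -> List[int]:
    """PIDs that had at least one region matching the family_cryptbot rule."""
    hits = [h for h in map(parse_memory_ioc, lines) if h and h.rule == "family_cryptbot"]
    return sorted({h.pid for h in hits})


def processor_probing_processes(lines: Iterable[str]) -> List[str]:
    """Process names that opened or queried the CentralProcessor subtree."""
    evs = [e for e in map(parse_registry_ioc, lines) if e]
    return sorted({e.process for e in evs if is_processor_probe(e)})


def summarize(mem_lines: Iterable[str], reg_lines: Iterable[str]) -> dict:
    mem_lines = list(mem_lines)
    hits = [h for h in map(parse_memory_ioc, mem_lines) if h]
    return {
        "cryptbot_pids": cryptbot_pids(mem_lines),
        "largest_region": max((h.size for h in hits), default=0),
        "processor_probers": processor_probing_processes(reg_lines),
    }


if __name__ == "__main__":
    print(summarize(MEMORY_IOCS, REGISTRY_IOCS))
```

The region sizes fall out of the address ranges (0x400000 to 0x4E5000 is 0xE5000 bytes, the image-sized region where the unpacked payload sits; 0x1D50000 to 0x1E31000 is a 0xE1000-byte heap-range copy), which is the first thing to check when deciding which dump to carve for a config extractor. The benign CurrentVersion line is rejected by the prefix match, which is the point of anchoring the rule on the CentralProcessor subtree rather than on any HARDWARE read.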