Analysis
max time kernel: 6s
max time network: 18s
platform: windows7_x64
resource: win7v20210410
submitted: 27-07-2021 15:37
Static task: static1
Behavioral task: behavioral1
Sample: 737d02c261755ff5c920fa52d4f03fce.exe
Resource: win7v20210410
Platform: windows7_x64
0 signatures, 0 seconds
General
Target: 737d02c261755ff5c920fa52d4f03fce.exe
Size: 758KB
MD5: 737d02c261755ff5c920fa52d4f03fce
SHA1: bf966e82d41c1fe537763339fa779e3ba9236331
SHA256: 50f41c07db1d0d625cd0746a78dc15a1193f4fd0f80e6a4df40315f24efe2110
SHA512: 83f0abaacb5c470d31372d97a0aae5e64bfbb73c401341e71be9d65984346d4ea68cae09a400f36567daf604e81db4d3806dfffbf5e2c4668e8c079688382bfb
Malware Config
Extracted
Family: cryptbot
C2:
- ewaisg12.top
- morvay01.top
Attributes:
- payload_url: http://winezo01.top/download.php?file=lv.exe
Signatures

CryptBot Payload (2 IoCs)
resource | yara_rule
behavioral1/memory/2020-61-0x00000000004F0000-0x00000000005D1000-memory.dmp | family_cryptbot
behavioral1/memory/2020-62-0x0000000000400000-0x00000000004E5000-memory.dmp | family_cryptbot
Checks processor information in registry (2 TTPs, 2 IoCs)
Malware commonly reads processor identity values from the registry (here ProcessorNameString) to fingerprint virtual machines and sandboxes, whose reported CPU names often reveal the hypervisor.
Processes: 737d02c261755ff5c920fa52d4f03fce.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 737d02c261755ff5c920fa52d4f03fce.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 737d02c261755ff5c920fa52d4f03fce.exe
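The registry-fingerprinting events above are the kind of thing a triage pipeline wants to recognise automatically rather than by eye. The following Python is an added example, not part of this report and not the sandbox's own tooling: it parses event lines in the report's "description ioc process" layout and flags any process that queries CPU-identity values under CentralProcessor\<n>. The two sample lines are constructed from this report; the value names beyond ProcessorNameString (VendorIdentifier, Identifier, ~MHz) are an assumption about commonly fingerprinted values and are not something the report shows.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two registry events this report attributes to
# 737d02c261755ff5c920fa52d4f03fce.exe, in the sandbox's "description ioc process" layout.
SAMPLE_EVENTS = r"""
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 737d02c261755ff5c920fa52d4f03fce.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 737d02c261755ff5c920fa52d4f03fce.exe
"""

# One event per line: <action> <registry path> <process image name>
_EVENT_RE = re.compile(
    r"^(Key opened|Key value queried|Key created)\s+(\\REGISTRY\\\S+)\s+(\S+)$"
)

# Any CentralProcessor\<n> key under the hardware description tree.
_CPU_KEY_RE = re.compile(
    r"^\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+",
    re.IGNORECASE,
)

# Values under CentralProcessor\<n> that reveal the CPU (and thus a hypervisor).
# Assumption for this example: the report only shows ProcessorNameString being read.
CPU_FINGERPRINT_VALUES = {"ProcessorNameString", "VendorIdentifier", "Identifier", "~MHz"}


@dataclass(frozen=True)
class RegistryEvent:
    action: str    # e.g. "Key opened", "Key value queried"
    path: str      # full \REGISTRY\... path, including the value name for queries
    process: str   # image name of the process that performed the access


def parse_events(text):
    """Parse report-style registry event lines; lines that do not fit the layout are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _EVENT_RE.match(line)
        if m:
            events.append(RegistryEvent(*m.groups()))
    return events


def find_cpu_fingerprinting(events):
    """Map each process that queried a CPU-identity value to the sorted list of values it read.

    Only value queries count: merely opening the CentralProcessor key is not
    reported, because the fingerprint is the value content, not the key handle.
    """
    hits = {}
    for ev in events:
        if ev.action != "Key value queried" or not _CPU_KEY_RE.match(ev.path):
            continue
        value_name = ev.path.rsplit("\\", 1)[-1]
        if value_name in CPU_FINGERPRINT_VALUES:
            hits.setdefault(ev.process, set()).add(value_name)
    return {proc: sorted(values) for proc, values in hits.items()}


if __name__ == "__main__":
    for proc, values in find_cpu_fingerprinting(parse_events(SAMPLE_EVENTS)).items():
        print(f"{proc}: reads CPU identity via {', '.join(values)}")
```

Run stand-alone it reports the sample's single ProcessorNameString query; feeding it a full behavioral event log in the same layout turns the signature into a per-process list of which identity values were read, which is what you need when deciding whether a sandbox's CPU name string is the value that tripped the check.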