Analysis
-
max time kernel
152s -
max time network
152s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
19-10-2021 14:29
Static task
static1
Behavioral task
behavioral1
Sample
c316a19809d7a6407c7fcec296445375.exe
Resource
win7-en-20211014
General
-
Target
c316a19809d7a6407c7fcec296445375.exe
-
Size
386KB
-
MD5
c316a19809d7a6407c7fcec296445375
-
SHA1
93babfad2f6bd39214c0eeecc18bc0ac9e0e9d70
-
SHA256
1341aa92c98b555b4ff1e1326b8dab052b4396526c659cbc43007b880643891d
-
SHA512
bacccdcf8cfb1891d948259cbae5b83477ce4e3602a50e7c1e1c29c713ab55b6705e0901146e61fec59c42b8d618ab33c338100f4fb190116f9d10e78a948028
Malware Config
Extracted
cryptbot
veobav12.top
morysl01.top
-
payload_url
http://tyngle01.top/download.php?file=lv.exe
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
c316a19809d7a6407c7fcec296445375.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 c316a19809d7a6407c7fcec296445375.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString c316a19809d7a6407c7fcec296445375.exe