Analysis
-
max time kernel
301s -
max time network
303s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
20-10-2021 08:54
Static task
static1
Behavioral task
behavioral1
Sample
mixshop_20211019-200154.exe
Resource
win7-en-20211014
General
-
Target
mixshop_20211019-200154.exe
-
Size
373KB
-
MD5
a2203019198955a1e07a1251cbf73a84
-
SHA1
1f19ddd874f12050e624daed1a08c1097717ef7a
-
SHA256
6bcc93c0e0be1868a9205a42f4d0154e61e0ec4473bfa3e4a24fb3de4933539c
-
SHA512
43b32f7d2ab6a57ec291e4380ae84b31317c3b7783701f430cd950b521f5b7e6065805b68052f31434279e854c54d11c04f23d10b0eba52e61aa5a873cd7ba47
Malware Config
Extracted
cryptbot
veoqkb22.top
morpib02.top
-
payload_url
http://tyncel11.top/download.php?file=lv.exe
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
mixshop_20211019-200154.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 mixshop_20211019-200154.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString mixshop_20211019-200154.exe