Analysis
- max time kernel: 117s
- max time network: 121s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 19/01/2022, 21:57
Static task: static1

Behavioral task: behavioral1
- Sample: 979d1d97ef97c7ae5737a88e87757ec4.exe
- Resource: win7-en-20211208
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: 979d1d97ef97c7ae5737a88e87757ec4.exe
- Resource: win10v2004-en-20220112
- 0 signatures
- 0 seconds
General
- Target: 979d1d97ef97c7ae5737a88e87757ec4.exe
- Size: 750KB
- MD5: 979d1d97ef97c7ae5737a88e87757ec4
- SHA1: 90d243cb67821975da1b13582476779eff5be9a5
- SHA256: d6255b4b18e6f07c4708cf6344163dfe3197cf403957bf3085a6a737bb37b038
- SHA512: 05c60e3714d906ea985a923ebda9e2efca17dfe29bfe9169f8e14f7053dd2871d9fa6bafb1d56919c07041be8841cfba82811ac1868398e2587ca25433727b4f
Malware Config (Extracted)
- Family: cryptbot
- C2:
  smarew72.top
  moriwi07.top
- Attributes:
  payload_url: http://guruzo10.top/download.php?file=lv.exe
Signatures
- CryptBot Payload (2 IoCs)
  resource | yara_rule
  behavioral1/memory/288-55-0x00000000004F0000-0x00000000005D1000-memory.dmp | family_cryptbot
  behavioral1/memory/288-56-0x0000000000400000-0x00000000004E5000-memory.dmp | family_cryptbot
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 979d1d97ef97c7ae5737a88e87757ec4.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 979d1d97ef97c7ae5737a88e87757ec4.exe