Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    19/01/2022, 21:57

General

  • Target

    979d1d97ef97c7ae5737a88e87757ec4.exe

  • Size

    750KB

  • MD5

    979d1d97ef97c7ae5737a88e87757ec4

  • SHA1

    90d243cb67821975da1b13582476779eff5be9a5

  • SHA256

    d6255b4b18e6f07c4708cf6344163dfe3197cf403957bf3085a6a737bb37b038

  • SHA512

    05c60e3714d906ea985a923ebda9e2efca17dfe29bfe9169f8e14f7053dd2871d9fa6bafb1d56919c07041be8841cfba82811ac1868398e2587ca25433727b4f

Malware Config

Extracted

Family

cryptbot

C2

smarew72.top

moriwi07.top

Attributes
  • payload_url

    http://guruzo10.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer, widely distributed bundled with other software.

  • CryptBot Payload (2 IoCs)
  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandbox environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\979d1d97ef97c7ae5737a88e87757ec4.exe
    "C:\Users\Admin\AppData\Local\Temp\979d1d97ef97c7ae5737a88e87757ec4.exe"
    • Checks processor information in registry
    PID: 288

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/288-53-0x00000000005E0000-0x0000000000679000-memory.dmp
    Filesize: 612KB

  • memory/288-54-0x0000000075D61000-0x0000000075D63000-memory.dmp
    Filesize: 8KB

  • memory/288-55-0x00000000004F0000-0x00000000005D1000-memory.dmp
    Filesize: 900KB

  • memory/288-56-0x0000000000400000-0x00000000004E5000-memory.dmp
    Filesize: 916KB