Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
27/01/2022, 17:28
Static task
static1
General
-
Target
bf51bc4bba9638f5411821d48ef31e7e478c28f3.exe
-
Size
1.3MB
-
MD5
ff99d60ef8dbf1a27b38e3cd86f2c037
-
SHA1
bf51bc4bba9638f5411821d48ef31e7e478c28f3
-
SHA256
188d31cc6d4e4a75f41b6593331a92c5453bbb4c38b790b9a253f2a4c3e2048d
-
SHA512
d244c3088731d70afd078a53735e4380476878aee8e0b54d2cccbf9985727c5f5d17933ea9cd23d8ef6e174bd9ca90c82402f9a0cda8582633aca62a1b571bee
Malware Config
Extracted
cryptbot
gomvub75.top
morder07.top
-
payload_url
http://peugbe10.top/download.php?file=lierne.exe
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString bf51bc4bba9638f5411821d48ef31e7e478c28f3.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 bf51bc4bba9638f5411821d48ef31e7e478c28f3.exe