General
-
Target
0369c702f727e52c53161518048c5b1c2e85fd20562f54fca6a782e29424e133
-
Size
1.8MB
-
Sample
220528-av7raaeedq
-
MD5
638983588b31575a8b27afcc5cfc18d2
-
SHA1
10a28ef3350cb9b469ed02029663be595294572a
-
SHA256
0369c702f727e52c53161518048c5b1c2e85fd20562f54fca6a782e29424e133
-
SHA512
3be67bb70eb2e9f06b383544ae5f0a570f4cb134f72eeaa206952ea4e4fc34447266f384661445f90d2965464cb695b1f7eac08201b95490fa4b3ab6c1178274
Static task
static1
Behavioral task
behavioral1
Sample
0369c702f727e52c53161518048c5b1c2e85fd20562f54fca6a782e29424e133.exe
Resource
win7-20220414-en
Malware Config
Extracted
cryptbot
cinvvv14.top
morsxd01.top
-
payload_url
http://binsas01.top/download.php?file=lv.exe
Targets
-
CryptBot Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-