cryptbot | 1080-62-0x0000000000030000-0x0000000000C85000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1080-62-0x...ry.exe

windows7-x64

1080-62-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1080-62-0x0000000000030000-0x0000000000C85000-memory.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

1080-62-0x0000000000030000-0x0000000000C85000-memory.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

1080-62-0x0000000000030000-0x0000000000C85000-memory.dmp
Size

12.3MB
MD5

4a3e6fb48675c3ec3ff9e0222352a783
SHA1

9a34317b97243850ee737b86cab5373455f8ddd8
SHA256

ee6a8fd5c4d415a7ce498c8358e9b5c8edc9a57f870f8ba39e255980e2958e59
SHA512

a3412f02f7162df615f7a08d65cace9665719f7daceb1e6ad5efdfc94cf712354ffe0d14a12fb6e25054bef0fefde3aa8954edcdf7a7638d3649cc830120107c
SSDEEP

393216:LJUlqZeCR6849eKrFGBprLXyHGIfOIPBMIshAFkemVVfhB3:LSlqtPKwibfOIZM/hWvCVfh

Score

10^/10

cryptbot

Malware Config

Extracted

Family

cryptbot

C2

http://kudalf32.top/gate.php

Attributes

payload_url
http://tamgav04.top/xyloid.dat

Signatures

Cryptbot family
cryptbot

Files

1080-62-0x0000000000030000-0x0000000000C85000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xyz0
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xyz1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xyz2
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy