Analysis
max time kernel: 3s
max time network: 115s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
submitted: 31-12-2023 11:24
Static task: static1
Behavioral task: behavioral1
Sample: 3436bc5cb6d4783a01dbfac2504343cb.exe
Resource: win7-20231215-en
General
Target: 3436bc5cb6d4783a01dbfac2504343cb.exe
Size: 559KB
MD5: 3436bc5cb6d4783a01dbfac2504343cb
SHA1: ab90b850b9eb00a034b5cbdce8c2a5abdd04b132
SHA256: 0491af1e13f4b5d1725e5320e15d5aa0470d726418da43c6d08706d2f978d5ab
SHA512: 2cccffb89620206653a8a48f28bebd6e62a85008346638809e743eccb40dd65058c837598a5e61fb5fdf1b62934672271c19499a4ff78b5321eaa5eac3c13eab
SSDEEP: 12288:7KO7xpz80l/qX/nXut0dvnEUXrGvceCZwTsvsQ:9tqPn+t0dHrIceCZw
Malware Config
Extracted: cryptbot
  haiezf32.top
  morcyr03.top
  payload_url: http://zelstb04.top/download.php?file=lv.exe
Signatures

CryptBot payload (4 IoCs)
Processes:
  resource                                                                      yara_rule
  behavioral2/memory/3212-2-0x0000000004900000-0x00000000049A0000-memory.dmp    family_cryptbot
  behavioral2/memory/3212-3-0x0000000000400000-0x0000000002CC3000-memory.dmp    family_cryptbot
  behavioral2/memory/3212-208-0x0000000000400000-0x0000000002CC3000-memory.dmp  family_cryptbot
  behavioral2/memory/3212-213-0x0000000004900000-0x00000000049A0000-memory.dmp  family_cryptbot

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: 3436bc5cb6d4783a01dbfac2504343cb.exe
  description        ioc                                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                      3436bc5cb6d4783a01dbfac2504343cb.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  3436bc5cb6d4783a01dbfac2504343cb.exe