Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-01-2024 23:59
Static task: static1
Behavioral task: behavioral1
- Sample: 54efb1309d76e87c2185b576e3783247.exe
- Resource: win7-20231215-en
General
- Target: 54efb1309d76e87c2185b576e3783247.exe
- Size: 662KB
- MD5: 54efb1309d76e87c2185b576e3783247
- SHA1: 9111f54d035c70780a1decc4d808356cf1857940
- SHA256: 5de12d55a698805ec98ada5964711f226fd1d4a424daf7062f178dbf52702cd5
- SHA512: e3be1ec27f080280b826429d0457c1560d2f6dc33b20e0af349a8d6b03ef6836c3df4bc5808f813d572fe7b0b7c694920931176fe45add7250fa6e823c943a3e
- SSDEEP: 12288:KzxWqgM8Yi/u5J3noTJDA8pTW8AawUb6nQHQ+5FChY9Cpi+oAg/Dt/zqH/iTQ:S0RM87HMF8VwUbJ/C7CL/DRuHSQ
Malware Config
Extracted
- Family: cryptbot
- Domains:
  - lysayu42.top
  - morbyn04.top
- payload_url: http://damhlu05.top/download.php?file=lv.exe
Signatures
- CryptBot payload (4 IoCs)
  resource | yara_rule
  behavioral2/memory/3776-2-0x0000000000BE0000-0x0000000000C80000-memory.dmp | family_cryptbot
  behavioral2/memory/3776-3-0x0000000000400000-0x000000000095B000-memory.dmp | family_cryptbot
  behavioral2/memory/3776-208-0x0000000000400000-0x000000000095B000-memory.dmp | family_cryptbot
  behavioral2/memory/3776-213-0x0000000000BE0000-0x0000000000C80000-memory.dmp | family_cryptbot
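The four YARA hits above are memory-dump resource strings of the form task/memory/pid-index-0xSTART-0xEND-memory.dmp. The following is an added example, not part of the report or of any sandbox's own code: a small parser for that naming scheme that collapses the hits to distinct address ranges and keeps the dump indices at which each range matched. The meaning of the fields (task name, pid, dump index, start/end virtual address) is inferred from the strings themselves and is an assumption; the IoC strings are copied from the signature as listed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# The four CryptBot hits from the signature above, copied as they appear on the page.
CRYPTBOT_MEMORY_IOCS = [
    ("behavioral2/memory/3776-2-0x0000000000BE0000-0x0000000000C80000-memory.dmp", "family_cryptbot"),
    ("behavioral2/memory/3776-3-0x0000000000400000-0x000000000095B000-memory.dmp", "family_cryptbot"),
    ("behavioral2/memory/3776-208-0x0000000000400000-0x000000000095B000-memory.dmp", "family_cryptbot"),
    ("behavioral2/memory/3776-213-0x0000000000BE0000-0x0000000000C80000-memory.dmp", "family_cryptbot"),
]

# <task>/memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp
# Field meaning is assumed from the strings; the page does not document the scheme.
_DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryHit:
    task: str
    pid: int
    seq: int    # dump index: grows over the run, so it orders hits in time
    start: int  # region start (virtual address)
    end: int    # region end (exclusive)
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_memory_ioc(resource: str, rule: str) -> MemoryHit:
    """Parse one memory-dump resource string; raises ValueError if it does not fit the scheme."""
    m = _DUMP_RE.match(resource)
    if m is None:
        raise ValueError(f"not a memory dump resource: {resource!r}")
    return MemoryHit(
        task=m["task"],
        pid=int(m["pid"]),
        seq=int(m["seq"]),
        start=int(m["start"], 16),
        end=int(m["end"], 16),
        rule=rule,
    )


def group_regions(iocs):
    """Collapse repeated hits on one (pid, start, end) region into {region: sorted dump indices}.

    A region that matches both early (low index) and late (high index) stayed resident for
    the whole run instead of being freed after the payload was handed off.
    """
    regions = defaultdict(list)
    for resource, rule in iocs:
        hit = parse_memory_ioc(resource, rule)
        regions[(hit.pid, hit.start, hit.end)].append(hit.seq)
    return {k: sorted(v) for k, v in regions.items()}


def describe(iocs):
    """One human-readable line per distinct region, for an analyst note or hunting ticket."""
    lines = []
    for (pid, start, end), seqs in sorted(group_regions(iocs).items()):
        size_kb = (end - start) // 1024
        lines.append(f"pid {pid}: 0x{start:08X}-0x{end:08X} ({size_kb} KB), hit at dumps {seqs}")
    return lines


if __name__ == "__main__":
    for line in describe(CRYPTBOT_MEMORY_IOCS):
        print(line)
```

Run on the report's four hits this yields two regions in pid 3776, each matched twice: 0x00400000-0x0095B000 (5484 KB, dumps 3 and 208) and 0x00BE0000-0x00C80000 (640 KB, dumps 2 and 213). Those two ranges, rather than the four raw strings, are what you would carry into a memory-forensics or YARA-scan follow-up.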
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 54efb1309d76e87c2185b576e3783247.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 54efb1309d76e87c2185b576e3783247.exe
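Two of the signatures above (processor information and installed-software enumeration) are pure registry reads, which Sysmon does not log (its registry events cover key create/delete, value set and rename, not queries), so they are only visible in an API trace such as the one the sandbox produced. The following is an added example and not the sandbox's own detection logic: it classifies "description ioc process" trace lines against those two behaviours and flags a process only when it shows more than one of them. The two CentralProcessor lines in SAMPLE_TRACE are the page's own IoCs; the remaining lines, the "Key enumerated" description and the explorer.exe entries are constructed. The Uninstall key paths are the standard locations and are assumed here, since the report does not show which key the sample read.

```python
import re
from collections import Counter, defaultdict

# Constructed trace in the "description ioc process" shape the report uses. The two
# CentralProcessor lines for the sample are the page's own IoCs; the rest are made up
# to exercise the Uninstall-key behaviour and a benign process that reads the CPU key too.
SAMPLE_TRACE = [
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 54efb1309d76e87c2185b576e3783247.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 54efb1309d76e87c2185b576e3783247.exe",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall 54efb1309d76e87c2185b576e3783247.exe",
    r"Key enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall 54efb1309d76e87c2185b576e3783247.exe",
    r"Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName explorer.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString explorer.exe",
]

# description (may contain spaces), native registry path (may contain spaces), process = last token
_TRACE_RE = re.compile(r"^(?P<desc>Key .+?) (?P<path>\\REGISTRY\\.+) (?P<proc>\S+)$")

# Key prefixes behind the report's "Checks processor information in registry" and
# "Checks installed software on the system" signatures. The CentralProcessor prefix is the
# page's IoC; the Uninstall paths (native and WOW6432Node) are the standard locations, assumed.
BEHAVIOURS = {
    "processor_info_check": re.compile(
        r"^\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\", re.I),
    "installed_software_enum": re.compile(
        r"^\\REGISTRY\\MACHINE\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I),
}


def classify(line):
    """Return (process, behaviour) for one trace line; behaviour is None for uninteresting keys."""
    m = _TRACE_RE.match(line)
    if m is None:
        raise ValueError(f"unparsed trace line: {line!r}")
    for name, pattern in BEHAVIOURS.items():
        if pattern.match(m["path"]):
            return m["proc"], name
    return m["proc"], None


def tally(lines):
    """Count behaviour hits per process: {process: Counter({behaviour: n})}."""
    per_proc = defaultdict(Counter)
    for line in lines:
        proc, behaviour = classify(line)
        if behaviour is not None:
            per_proc[proc][behaviour] += 1
    return dict(per_proc)


def flag(lines, min_behaviours=2):
    """Processes showing at least min_behaviours distinct behaviours, most hits first.

    Reading the CPU name key is common in benign code paths (system-information routines),
    so a single behaviour is a triage hint, not a verdict; the combination of several
    distinct behaviours from one process is what is worth escalating.
    """
    counts = tally(lines)
    hits = [(proc, c) for proc, c in counts.items() if len(c) >= min_behaviours]
    return [proc for proc, _ in sorted(hits, key=lambda pc: -sum(pc[1].values()))]


if __name__ == "__main__":
    for proc, c in tally(SAMPLE_TRACE).items():
        print(proc, dict(c))
    print("flagged:", flag(SAMPLE_TRACE))
```

On the constructed trace, explorer.exe reads the CPU key once and is not flagged, while the sample is flagged because it both reads CentralProcessor and walks the Uninstall keys. To extend the classifier to the report's other registry-based behaviours, add a pattern per key prefix to BEHAVIOURS; the parsing and scoring stay the same.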
- Suspicious use of FindShellTrayWindow (2 IoCs)
  Processes:
  pid | process
  3776 | 54efb1309d76e87c2185b576e3783247.exe
  3776 | 54efb1309d76e87c2185b576e3783247.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 40KB
  MD5: 1f6d938bf2cafec7ab782d0e82f6de4c
  SHA1: b8f00e147554f7bab6884414c463ab7d81c7b411
  SHA256: 50f33d83f450e1344d7608e0c236f7156bae3468abdb51cb1da85800237f01b1
  SHA512: a52cba4ee96337e0e2bfdf36b4b6a2fab7d9b27b349d397d66dce083c03e3d9cd6973a6d88172b93db1ae98f73c4268a210392aca7ad4a82849bb1f021955b04
- Filesize: 40KB
  MD5: 5c0acdcd726ad68245d9b46bc4fe2b99
  SHA1: 27efb2dd928c6933c135882f1939cbf0797981f9
  SHA256: 2c100fe6071883399ab74d7e6ed59e7c0dc9688f8349d664a1396887ba8595d1
  SHA512: 1db21cc302c823aa6974e369d08694871662e33860d9d2ac92e079208065cc10d0faec98997e622a437fd5156c764fe08a01e17f684eab478bc1b62e26cb7a31
- Filesize: 2KB
  MD5: 833b5534a5bbc77385b7e8be9c75090b
  SHA1: 7322d42249cd7794d2fb5e6747439728b80c4018
  SHA256: 68e63977593748eccaf4ca241a2bf8f97217cffa10d9debfe67291794f18707b
  SHA512: 0ed46b4e67a5e2dabc939f175cdb8e89988ef6786d5091ff2037583c95b78cae818b15078b572295e82e9345f48437047ad95da183ca639ec76bfa65b36df6ea
- Filesize: 4KB
  MD5: f3e6b2babbe893de5ada56f9d31bdad3
  SHA1: 31554baaf84954a6191718f0e69893aee45025f3
  SHA256: f26792cc37647df2c6c0d113d6d088059318042356cbef7547a34542cbf43935
  SHA512: e08d5e2c42cf6d0eb6c5be2527de9c064c13b3d999bf19bd87d3d6cd9dc1185e4fd7c2390c57f02f1f50282544798de799532214cf4e42be7e0214eeccdd03a0
- Filesize: 46KB
  MD5: 41d9792bcdec504fbf2f6a0e5125bb59
  SHA1: cd78db76b317281785e835a97939029fc9f19c5d
  SHA256: bd6e4cc51ef7c89ceb24f2bb5b0aaf02976f20b5f64bab7b7e66819e34750a92
  SHA512: 939311a9be8634f7326e2fb775260f7afa9ee37021b277c7aee5d846feed7c22410ffb7a3a81c20a38e24de5cd50b62d1cadc9f1a69ca4e3680736cff6009547
- Filesize: 1KB
  MD5: 6a2a10d01c1bc8c28e2e349ba29534eb
  SHA1: 8fe587d7b43b9aa4c64d2d8a7be41c4b37bc5ce1
  SHA256: 8acee47ea45ad7a263452c80ad37d5e24c1a2699d38cca56021015c4a80457bc
  SHA512: 44f7d6845095d798fb8fdd06ca8b9b9a04c8c4adff165073656d459d3088972a816ed3a66c1d4d8d3014d74045eec0a0ded334789f76f2b8610e6ce114bac0e6
- Filesize: 4KB
  MD5: 4a57a0b9fcb6a138c5a9235a61819f36
  SHA1: fefc08fb0edcfbcc2486ee7bffe616558721563d
  SHA256: 143f1f16d7cf5d326eb65f5179ab0c68df4e1bc83a127b7842618a9479d23ae9
  SHA512: 79b60fc47dbd86d2e3f74a12e836b35401edd4e6047659c0cabeb78da93cf21f9b872bd64324b943318e1f57b3071a7c38b7923896deac909d1fddc5d292ce5e