Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-01-2024 06:50
Static task: static1
Behavioral task: behavioral1
Sample: 55c61c75644d75f6db561a8fb294876b.exe
Resource: win7-20231129-en
General
Target: 55c61c75644d75f6db561a8fb294876b.exe
Size: 630KB
MD5: 55c61c75644d75f6db561a8fb294876b
SHA1: 26c72345b1d08ca1f2078f071674dfd01610e313
SHA256: 0274cb61fea6621c4d2d7eced3bfc1fbf14d890024cc19a9e1c694693547a06b
SHA512: 8d52eea1b91249299e7e0abb754e4e2c26e1cdde755602926b24515d32c2d759b82a63a4dc42da209355b498de4232137d1e024a2706ce596d82f89a074eec8f
SSDEEP: 12288:VCGapkxc+9mXC7/KXw2cmLRs7ILVkwSxtafqaE:P4icGmu/KXjcmzLVkwaafq
Malware Config
Extracted: cryptbot
  ewakyc72.top
  moraiw07.top
payload_url: http://winfyn10.top/download.php?file=lv.exe
Signatures
- CryptBot payload (4 IoCs)
  Processes:
  resource | yara_rule
  behavioral2/memory/5244-2-0x00000000030C0000-0x0000000003160000-memory.dmp | family_cryptbot
  behavioral2/memory/5244-3-0x0000000000400000-0x000000000146F000-memory.dmp | family_cryptbot
  behavioral2/memory/5244-208-0x0000000000400000-0x000000000146F000-memory.dmp | family_cryptbot
  behavioral2/memory/5244-213-0x00000000030C0000-0x0000000003160000-memory.dmp | family_cryptbot
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 55c61c75644d75f6db561a8fb294876b.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 55c61c75644d75f6db561a8fb294876b.exe
- Suspicious use of FindShellTrayWindow (2 IoCs)
  Processes:
  pid | process
  5244 | 55c61c75644d75f6db561a8fb294876b.exe
  5244 | 55c61c75644d75f6db561a8fb294876b.exe
MITRE ATT&CK Enterprise v15
Downloads