Analysis
-
max time kernel
151s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted
20-01-2024 01:23
Static task
static1
Behavioral task
behavioral1
Sample
6920aa5adac327d0b77bcbcf2c105098.exe
Resource
win7-20231215-en
General
-
Target
6920aa5adac327d0b77bcbcf2c105098.exe
-
Size
701KB
-
MD5
6920aa5adac327d0b77bcbcf2c105098
-
SHA1
750a44564b2a4f5199c3be46183ea7ed12215f29
-
SHA256
b937f9098ea56ff4120f21634aaf765cd11f62950cbcf1f4727cc673785a9560
-
SHA512
1257bea8df52390bc0a158eabb1a931340fefc18161884d4901ccc2a836d818ffe766850e23311885fdae315a7245303a35eb0970868506bb245fc92c6bb2aad
-
SSDEEP
12288:u6i7jDNvrm737MOxTAc2NT0c7C4S5JfsZmjb2c36kMtEcZua+rCR8/6Pdfr84elm:zYvkz7Fm07Cwb2cjMScZua+rCR8aIXov
Malware Config
Extracted
cryptbot
fokuti41.top
morwiv04.top
-
payload_url
http://nybyoi06.top/download.php?file=lv.exe
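The extracted config above gives two C2 domains and a payload URL. The following is an added example, not part of the sandbox report, that turns those indicators into a matcher run over DNS and proxy log lines; the two log line formats and the log lines themselves are constructed for illustration, while the domains and URL are copied from the config.

```python
"""Match the network indicators from the extracted CryptBot config above
against DNS and proxy log lines.

Added example, not part of the sandbox report. The C2 domains and payload
URL are copied from the report's Malware Config section; the log lines and
their two line formats are constructed for illustration.
"""
import re
from typing import Optional
from urllib.parse import urlparse

# Copied from the extracted config.
C2_DOMAINS = {"fokuti41.top", "morwiv04.top"}
PAYLOAD_URL = "http://nybyoi06.top/download.php?file=lv.exe"

# The payload host is an indicator in its own right.
PAYLOAD_HOST = urlparse(PAYLOAD_URL).hostname  # nybyoi06.top
WATCH_HOSTS = C2_DOMAINS | {PAYLOAD_HOST}


def host_matches(host: str) -> Optional[str]:
    """Return the matching indicator host, including for subdomains of it.

    A trailing dot (FQDN form in DNS logs) and case are ignored; a host that
    merely ends in the same characters (notfokuti41.top) does not match.
    """
    h = host.lower().rstrip(".")
    for ioc in WATCH_HOSTS:
        if h == ioc or h.endswith("." + ioc):
            return ioc
    return None


# Constructed log shapes (not a real product format):
#   dns:   <timestamp> <client_ip> query <qname>
#   proxy: <timestamp> <client_ip> <GET|POST> <url> <status>
DNS_RE = re.compile(r"^(\S+) (\S+) query (\S+)$")
PROXY_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def scan_line(line: str) -> Optional[dict]:
    """Return a hit record if the line touches an indicator, else None."""
    m = DNS_RE.match(line)
    if m:
        ts, client, qname = m.groups()
        ioc = host_matches(qname)
        if not ioc:
            return None
        return {"ts": ts, "client": client, "kind": "dns", "ioc": ioc, "payload": False}
    m = PROXY_RE.match(line)
    if m:
        ts, client, _method, url, _status = m.groups()
        ioc = host_matches(urlparse(url).hostname or "")
        if not ioc:
            return None
        # An exact hit on the payload URL is stronger evidence than the host alone.
        return {"ts": ts, "client": client, "kind": "proxy", "ioc": ioc,
                "payload": url == PAYLOAD_URL}
    return None


def scan(lines) -> list:
    """Scan an iterable of log lines and return the hits in order."""
    return [hit for hit in (scan_line(ln.strip()) for ln in lines) if hit]


# Constructed sample logs: two clients, three indicator hits, two benign lines.
SAMPLE_LOGS = """\
2024-01-20T01:25:03Z 10.0.0.15 query fokuti41.top
2024-01-20T01:25:04Z 10.0.0.15 query www.google.com
2024-01-20T01:25:09Z 10.0.0.15 GET http://nybyoi06.top/download.php?file=lv.exe 200
2024-01-20T01:25:10Z 10.0.0.22 query morwiv04.top.
2024-01-20T01:25:11Z 10.0.0.22 GET http://example.com/index.html 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

A DNS query for one of the C2 domains is worth an alert on its own; a proxy hit on the exact payload URL is the higher-fidelity signal, because it indicates the second-stage download was attempted. Pair this with the file hashes from the General section for the host side of the same hunt.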
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials and other sensitive material.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: 6920aa5adac327d0b77bcbcf2c105098.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: 6920aa5adac327d0b77bcbcf2c105098.exe)
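The two registry signatures above (the ProcessorNameString lookup and the Uninstall-key enumeration) are the kind of thing a practitioner wants to find again in their own telemetry. The following is an added example, not part of the sandbox report, that flags both in a Process Monitor CSV export. The registry paths are the report's IoCs plus the standard Uninstall key location; the CSV rows are constructed to mimic Procmon's export columns (the CPU string and product names are made up), and the process name and PID 2376 are taken from the report. Sysmon does not log registry reads (its registry events cover create, delete, rename and value set), so this needs Procmon-style or sandbox telemetry rather than Sysmon.

```python
"""Flag the two registry behaviours reported above, the CPU-name lookup
(sandbox detection) and the Uninstall-key enumeration (installed-software
check), in a Process Monitor CSV export.

Added example, not part of the sandbox report. Registry paths come from the
report's IoCs and the standard Uninstall key location; the CSV rows are
constructed to mimic Procmon's export columns.
"""
import csv
import io
import re
from collections import defaultdict


def normalise_key(path: str) -> str:
    """Map the native \\REGISTRY\\MACHINE prefix and long hive names to HKLM/HKCU, upper-cased."""
    p = path.replace("/", "\\").strip("\\")
    p = re.sub(r"^REGISTRY\\MACHINE", "HKLM", p, flags=re.I)
    p = re.sub(r"^HKEY_LOCAL_MACHINE", "HKLM", p, flags=re.I)
    p = re.sub(r"^HKEY_CURRENT_USER", "HKCU", p, flags=re.I)
    return p.upper()


# ProcessorNameString under any CentralProcessor\N key (the report shows \0).
CPU_NAME_RE = re.compile(
    r"^HKLM\\HARDWARE\\DESCRIPTION\\SYSTEM\\CENTRALPROCESSOR\\\d+\\PROCESSORNAMESTRING$")
# One entry under the per-machine or per-user Uninstall key, 64-bit or WOW6432Node view.
UNINSTALL_ENTRY_RE = re.compile(
    r"^(HKLM|HKCU)\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\([^\\]+)")


def analyse(csv_text: str, enum_threshold: int = 3) -> dict:
    """Return {"<process>:<pid>": findings} for processes that trip either signature.

    A single Uninstall entry lookup is normal (installers, Explorer); touching
    enum_threshold or more distinct entries is treated as enumeration.
    Failed lookups still count: the attempt is the evidence.
    """
    seen = defaultdict(lambda: {"cpu_name_queries": 0, "uninstall_entries": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        proc = f'{row["Process Name"]}:{row["PID"]}'
        key = normalise_key(row["Path"])
        if row["Operation"] == "RegQueryValue" and CPU_NAME_RE.match(key):
            seen[proc]["cpu_name_queries"] += 1
        m = UNINSTALL_ENTRY_RE.match(key)
        if m:
            seen[proc]["uninstall_entries"].add(m.group(3))
    report = {}
    for proc, s in seen.items():
        sigs = []
        if s["cpu_name_queries"]:
            sigs.append("Checks processor information in registry")
        if len(s["uninstall_entries"]) >= enum_threshold:
            sigs.append("Checks installed software on the system")
        if sigs:
            report[proc] = {"signatures": sigs,
                            "uninstall_entries": sorted(s["uninstall_entries"])}
    return report


# Constructed Procmon-style rows; the CPU string and product names are made up.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:23:45.0000001 AM","6920aa5adac327d0b77bcbcf2c105098.exe","2376","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0","SUCCESS","Desired Access: Read"
"1:23:45.0000002 AM","6920aa5adac327d0b77bcbcf2c105098.exe","2376","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString","SUCCESS","Type: REG_SZ, Length: 60, Data: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz"
"1:23:45.0000003 AM","6920aa5adac327d0b77bcbcf2c105098.exe","2376","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"1:23:45.0000004 AM","6920aa5adac327d0b77bcbcf2c105098.exe","2376","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip","SUCCESS","Desired Access: Read"
"1:23:45.0000005 AM","6920aa5adac327d0b77bcbcf2c105098.exe","2376","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome","SUCCESS","Desired Access: Read"
"1:23:45.0000006 AM","6920aa5adac327d0b77bcbcf2c105098.exe","2376","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 121.0 (x64 en-US)\DisplayName","SUCCESS","Type: REG_SZ, Length: 66, Data: Mozilla Firefox (x64 en-US)"
"1:23:46.0000001 AM","explorer.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 12, Data: 7-Zip"
'''

if __name__ == "__main__":
    for proc, findings in analyse(SAMPLE_PROCMON_CSV).items():
        print(proc, findings)
```

Treat the ProcessorNameString read as a weak signal on its own: inventory agents, crash reporters and plenty of benign installers read the same value. The threshold on distinct Uninstall entries is what separates enumeration from the single-entry lookups that Explorer and installers perform; tune it to the telemetry volume you actually see.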
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
pid 2376 process 6920aa5adac327d0b77bcbcf2c105098.exe
pid 2376 process 6920aa5adac327d0b77bcbcf2c105098.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
46KB
MD5
013ceea176da651e55d1075865117677
SHA1
914a1d6f8b44e0a855097a38e2953eb6325d7b21
SHA256
b223e2d9cc8e0b7a4ddb1424fcb3a0d554f5d8734b37fe120937c72fb8471d0f
SHA512
0784e9e2a29c03b47da5b1fc57015ebf780eb7b2d8772642a9947577c5376a8a4bb76f6192248fae0355eaebefeaaf425a366515cb7217d89c4373cecc10fe6b
-
Filesize
1KB
MD5
947505e9747ec4eabef836abcc91b2ad
SHA1
19b1f54c6eb03765167bfc62df9a600c1917b737
SHA256
3ff9d8a0105613e3603fc108ac0477e5ff98d7804d0a6427ba5656dad5a558da
SHA512
09b4ea6d97dc66ca000428eae65ac27d5e578bea1123f3096547ceb0b5526d4e72498b4278913fd3638539c5ec11faa23c85cccc8a4be8cf9189d8658b60b575
-
Filesize
2KB
MD5
041772a5665a6876e2be990aa8227a27
SHA1
7a2b564866678c6add46b7e1a94e3c0499659caa
SHA256
7e9af1c72d3f42a207c35bb98e05d689116b8bd1cf0510c7ddd77a19ba70ce5b
SHA512
2c6125679735a14be912ce056887a58af086d17ab6befee82f2b64f105a46ce0f39ad59a3799747a5a35bfc21e066615488aa81b6fc0e69bfc95dec6685da1e0
-
Filesize
7KB
MD5
e225d30bf20d0f79f0a34447168455af
SHA1
d93bf0bb31b4b156706850fd7a14c0032f1771d6
SHA256
72c3f6860fdf60df3ee1c7ee37e44e5b3d586553992483d1b7d0f95d84b85162
SHA512
0858d8fb3c982df72a20565ccc33df4e291d9bd435ea013c2abd5391d08992cce4433daeb4d52b8b2d4206b17b4312456c552ee14b7c4a962a04067339aaadb2
-
Filesize
51KB
MD5
de5b85b11b03e97ee91f21128a03e795
SHA1
4762cee80d9f7fab2d84f2614581fe5a347f5cb2
SHA256
25ea8c3709fcfcbfebc573bc1536e7abb7226a1f382455e93fcd5e655a5af287
SHA512
9f2e08ba7a372af623d97a9de9947c676fd6132c132efcdbee7073069ddf32ad75597e1205e8d675867e3f68f9aa6d0c09ff349ae42a81b1a7a2d94010ae2083
-
Filesize
808B
MD5
dda65fdd08cc7179a5d99a2714300581
SHA1
f880560a51b59c7f1f1e0dd04b4aad17a54d6ca7
SHA256
51d86c00e9a4f16e2b0c49e9bcbfd1b149337052dc47ddbc2e66ed418d21076b
SHA512
1d1f2c7eff60412e6c313996cce8ff1856d97c992db05fea27c52ac2c23b3f5ab3fe1f156e097ff3927c4871f5d87d7e34ad65b855b5d127ae170ab97572e169
-
Filesize
3KB
MD5
cb8ede430b3e9f6441de48e9362248b9
SHA1
47f7bc4655d0b69c211cdeaf792b6fc2868e55ad
SHA256
368c7aa2a0df76de37005cb66d22411c4cfde6947fc0b83b5045c1bb36731a1a
SHA512
c64f3833ff3fe280eb94d2918591fa9add94ab2836b05879469d132518d46b8743d2c6ace5bd800ceef923eb27957d3c13f78d4396f0501fc6e7374a1923294b
-
Filesize
4KB
MD5
cb2ec89d1ad166671d5c904d8f76ab34
SHA1
a658c13d453ff92e4927b2f53d6a5a828df4a378
SHA256
bcfd9a8383caeeaa43158146d9b2ad9a83798844e25f9ba25cea7496bb163899
SHA512
049e5326a9e7d2cf9be378ced4813c1c590414a9211586275ac18ced33669b0c050c2578b3a611a767b02b28d1fe8a78cf110c273f8f1e18bcd6a54c164836dd
-
Filesize
7KB
MD5
8a39e4fad89f5b2d2fb4ad699fff2302
SHA1
05f215572f1ddcd65f655ab76f92d1ed3d0b406d
SHA256
70075bf23375961dd2ac501e2aab2a4b88457d666e1c74ca09661efdcdc156ca
SHA512
94f1443425223ec83561c38ef3966cb71d470b3f0a6bf5f327b88aa03846cc0fb3ad56e1fab4776044cc564171272ae6c610f66f4838ae960dfce7706549da87