Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 02:24

General

  • Target

    737d02c261755ff5c920fa52d4f03fce.exe

  • Size

    758KB

  • MD5

    737d02c261755ff5c920fa52d4f03fce

  • SHA1

    bf966e82d41c1fe537763339fa779e3ba9236331

  • SHA256

    50f41c07db1d0d625cd0746a78dc15a1193f4fd0f80e6a4df40315f24efe2110

  • SHA512

    83f0abaacb5c470d31372d97a0aae5e64bfbb73c401341e71be9d65984346d4ea68cae09a400f36567daf604e81db4d3806dfffbf5e2c4668e8c079688382bfb

  • SSDEEP

    12288:LfzsUnViD0DUj9rIS7M1NAFZaquBKFrj+59APMQme+alY7WSmdAon:LYUED0YjdIALar0OADR+afSy

Malware Config

Extracted

Family

cryptbot

C2

ewaisg12.top

morvay01.top

Attributes
  • payload_url

    http://winezo01.top/download.php?file=lv.exe

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

  • CryptBot payload 4 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Users\Admin\AppData\Local\Temp\737d02c261755ff5c920fa52d4f03fce.exe
    "C:\Users\Admin\AppData\Local\Temp\737d02c261755ff5c920fa52d4f03fce.exe"
    1⤵
    • Checks processor information in registry
    PID:2936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2936-2-0x0000000001D20000-0x0000000001E01000-memory.dmp

    Filesize

    900KB

  • memory/2936-1-0x0000000000690000-0x0000000000790000-memory.dmp

    Filesize

    1024KB

  • memory/2936-3-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB

  • memory/2936-7-0x0000000001D20000-0x0000000001E01000-memory.dmp

    Filesize

    900KB

  • memory/2936-6-0x0000000000400000-0x00000000004E5000-memory.dmp

    Filesize

    916KB