General

  • Target

    2604-740-0x0000000000A40000-0x00000000016B9000-memory.dmp

  • Size

    12.5MB

  • MD5

    8fa8a0a5464adad02311ff1a81cec7eb

  • SHA1

    1a773467acad2757b52875f3ce69b21054c1692a

  • SHA256

    f403f95b949e12f9b895696afc3b836be1717714d1829a7dc7b62d5bf5002908

  • SHA512

    ed0eb32c62d0fd451846d84c6ec0e57a017e67d53d59a164bffba29e1bb85e06a8fc40b7eaeaa5ddee7fed4f3cb8a5e70e846df96df9fb7c6e2d2b8115123d19

  • SSDEEP

    98304:fBKR/siEbi8Mvkofy8Tf1nKoFqlCPeM7AWkXiyh/aGzPJbzdPjmA2usZBMQiVRFi:Sk5bK8Ef1nW8uhiGTJdPjbiB7Sk

Malware Config

Extracted

Family

cryptbot

Signatures

  • Cryptbot family
  • Embeds OpenSSL (1 IoC)

    Embeds OpenSSL, may be used to circumvent TLS interception.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2604-740-0x0000000000A40000-0x00000000016B9000-memory.dmp
    .exe windows:4 windows x86 arch:x86

