3c320ddeb57b9d6240cbaab26104e906dfa04a10115a773355a2157013e991a8

General
Target

3c320ddeb57b9d6240cbaab26104e906dfa04a10115a773355a2157013e991a8

Size

2MB

Sample

220116-k5m5qsfffj

Score
10/10
MD5

71af238fbf3c5a3a2c2c3594f1ba8a32

SHA1

b9f49782704b14572985ca13b10842d3aa836ad0

SHA256

3c320ddeb57b9d6240cbaab26104e906dfa04a10115a773355a2157013e991a8

SHA512

fb12811297a22a71ead742dcde54357cf712c04ad690ed6103287f903592999fcde804357488e062fb8783a24394cc0ff23fa1ffbb9d15941e38873a75f59d7f

Malware Config

Extracted

Family cryptbot
C2

kotehj62.top

Attributes
payload_url
http://okadoc09.top/download.php?file=makeyr.exe
Targets
Target

3c320ddeb57b9d6240cbaab26104e906dfa04a10115a773355a2157013e991a8

MD5

71af238fbf3c5a3a2c2c3594f1ba8a32

Filesize

2MB

Score
10/10
SHA1

b9f49782704b14572985ca13b10842d3aa836ad0

SHA256

3c320ddeb57b9d6240cbaab26104e906dfa04a10115a773355a2157013e991a8

SHA512

fb12811297a22a71ead742dcde54357cf712c04ad690ed6103287f903592999fcde804357488e062fb8783a24394cc0ff23fa1ffbb9d15941e38873a75f59d7f

Signatures

  • CryptBot

    Description

    A C++ stealer, widely distributed bundled with other software.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    TTPs

    Query Registry, Virtualization/Sandbox Evasion
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query Registry, System Information Discovery
  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, likely for geofencing.

    TTPs

    Query Registry, System Information Discovery
  • Themida packer

    Description

    Detects Themida, an advanced Windows software protection system.

  • Checks whether UAC is enabled

    TTPs

    System Information Discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger
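
The four registry-based signatures above (VirtualBox ACPI probe, BIOS read, country-code lookup, UAC check) are behaviours a detection engineer can hunt for in a sandbox API trace or in Sysmon registry events. The Python below is an added example, not code from the Triage report or from CryptBot. The report names the behaviours but not the keys it matched on, so the exact registry paths used here (the VBOX__ ACPI tables, SystemBiosVersion/VideoBiosVersion, Control Panel\International\Geo\Nation, EnableLUA) are assumptions drawn from common anti-analysis tradecraft, and the trace it runs over is constructed. It maps each hit back to the ATT&CK techniques the report attaches to that signature.

```python
"""Map registry accesses from a sandbox trace onto the behaviours this report
lists for the sample: VirtualBox ACPI probe, BIOS read, country-code lookup
and UAC check, with the ATT&CK techniques the report attaches to them.

Added example; not code from the Triage report or from CryptBot.  The exact
registry paths are assumptions drawn from common anti-analysis tradecraft
(the report names the behaviours, not the keys).  SAMPLE_TRACE is
constructed; in practice feed it RegOpenKeyEx/RegQueryValueEx records from a
sandbox API log, or the TargetObject field of Sysmon Event ID 12/13.
"""
import re

# (signature name as it appears in the report, key/value regex, ATT&CK techniques)
RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
     ("T1012 Query Registry", "T1497 Virtualization/Sandbox Evasion")),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.I),
     ("T1012 Query Registry", "T1082 System Information Discovery")),
    ("Checks computer location settings",
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I),
     ("T1012 Query Registry", "T1082 System Information Discovery")),
    ("Checks whether UAC is enabled",
     re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
                r"Policies\\System\\EnableLUA$", re.I),
     ("T1082 System Information Discovery",)),
]

# Hive spellings seen in different log sources, folded to one short form each.
_HIVE_ALIASES = (
    ("\\REGISTRY\\MACHINE", "HKLM"),   # native NT path, as kernel-level traces log it
    ("\\REGISTRY\\USER", "HKU"),
    ("HKEY_LOCAL_MACHINE", "HKLM"),
    ("HKEY_USERS", "HKU"),
    ("HKEY_CURRENT_USER", "HKCU"),
)


def normalise(path):
    """Canonicalise hive prefixes so one regex per rule suffices.

    HKU\\<SID>\\... (the form Sysmon logs for the interactive user) is folded
    into HKCU, because the malware's RegOpenKeyEx(HKEY_CURRENT_USER, ...)
    and Sysmon's view of that call refer to the same key.
    """
    p = path.strip().rstrip("\\")
    for alias, short in _HIVE_ALIASES:
        if p.upper().startswith(alias):
            p = short + p[len(alias):]
            break
    return re.sub(r"^HKU\\S-[\d-]+", "HKCU", p, flags=re.I)


def classify(events):
    """Return {signature name: [matching normalised paths]}; unmatched events are dropped."""
    hits = {}
    for ev in events:
        path = normalise(ev["path"])
        for name, pattern, _ in RULES:
            if pattern.search(path):
                hits.setdefault(name, []).append(path)
    return hits


def techniques_for(hits):
    """Collapse matched signatures into the sorted set of ATT&CK techniques."""
    by_name = {name: techs for name, _, techs in RULES}
    return sorted({t for name in hits for t in by_name[name]})


# Constructed trace: what a RegOpenKeyEx/RegQueryValueEx hook might emit for this sample.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW",    "path": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW", "path": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"api": "RegQueryValueExW", "path": r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"},
    {"api": "RegQueryValueExW", "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"api": "RegQueryValueExW", "path": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Control Panel\International\Geo\Nation"},
    {"api": "RegQueryValueExW", "path": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"api": "RegQueryValueExW", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop"},  # benign
]

if __name__ == "__main__":
    hits = classify(SAMPLE_TRACE)
    for name, paths in hits.items():
        print(f"[+] {name}")
        for p in paths:
            print(f"      {p}")
    print("ATT&CK:", ", ".join(techniques_for(hits)))
```

Each of these keys is also read by plenty of legitimate software (installers check EnableLUA, locale-aware apps read Geo\Nation), so a single hit is weak evidence; what makes the sample's behaviour notable is the combination, in one process, of a VirtualBox-specific ACPI probe, a BIOS string read and a geofence lookup shortly after launch.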

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

7/10