f460acfcc99c9338b3f5fb3793f6cbb15daf76c2a79fd05f7398af5346150801

Target

Size

2MB

Sample

220117-ed2k6aghdr

Score

10 ^/10

MD5

1d00723292d3b8bda50c59d040c27087

SHA1

76aedfcff7e298d862354db00ee2c4575da72b42

SHA256

f460acfcc99c9338b3f5fb3793f6cbb15daf76c2a79fd05f7398af5346150801

SHA512

03ef6b83ccff99155be15ca8ac83bb2ada8570a1f5dfbf983db7c6fc6220ca8aa1555988dc72fb08a39ac6d73f8c77c75cdd875249912f9db720a2d5bcbad76a

Extracted

Family	cryptbot
C2	zyoyol62.top morpsy06.top zyoyol62.top morpsy06.top
Attributes	payload_url http://yapcbx08.top/download.php?file=inrhed.exe

Target

f460acfcc99c9338b3f5fb3793f6cbb15daf76c2a79fd05f7398af5346150801

MD5

1d00723292d3b8bda50c59d040c27087

Filesize

2MB

Score

10^/10

SHA1

76aedfcff7e298d862354db00ee2c4575da72b42

SHA256

f460acfcc99c9338b3f5fb3793f6cbb15daf76c2a79fd05f7398af5346150801

SHA512

03ef6b83ccff99155be15ca8ac83bb2ada8570a1f5dfbf983db7c6fc6220ca8aa1555988dc72fb08a39ac6d73f8c77c75cdd875249912f9db720a2d5bcbad76a

Signatures

CryptBot
Description

A C++ stealer distributed widely in bundle with other software.
Tags

spyware stealer cryptbot
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Tags

evasion

TTPs

Query RegistryVirtualization/Sandbox Evasion
Checks BIOS information in registry
Description

BIOS information is often read in order to detect sandboxing environments.
TTPs

Query RegistrySystem Information Discovery
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Themida packer
Description

Detects Themida, an advanced Windows software protection system.
Tags

themida
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags

spyware

TTPs

Data from Local SystemCredentials in Files
Checks installed software on the system
Description

Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags

discovery

TTPs

Query Registry
Checks whether UAC is enabled
Tags

evasion trojan

TTPs

System Information Discovery
Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

behavioral1

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Virtualization/Sandbox Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

themida

7^/10

behavioral1

cryptbot discovery evasion spyware stealer themida trojan

10^/10

Extracted

Tags

Signatures

CryptBot

Description

Tags

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Tags

TTPs

Checks BIOS information in registry

Description

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Themida packer

Description

Tags

Accesses cryptocurrency files/wallets, possible credential harvesting

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Checks whether UAC is enabled

Tags

TTPs

Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

static1

behavioral1