f460acfcc99c9338b3f5fb3793f6cbb15daf76c2a79fd05f7398af5346150801

General

Target: f460acfcc99c9338b3f5fb3793f6cbb15daf76c2a79fd05f7398af5346150801
Size: 2MB
Sample: 220117-ed2k6aghdr
Score: 10/10
MD5: 1d00723292d3b8bda50c59d040c27087
SHA1: 76aedfcff7e298d862354db00ee2c4575da72b42
SHA256: f460acfcc99c9338b3f5fb3793f6cbb15daf76c2a79fd05f7398af5346150801
SHA512: 03ef6b83ccff99155be15ca8ac83bb2ada8570a1f5dfbf983db7c6fc6220ca8aa1555988dc72fb08a39ac6d73f8c77c75cdd875249912f9db720a2d5bcbad76a

Malware Config

Extracted

Family: cryptbot
C2:
  zyoyol62.top
  morpsy06.top

Attributes

payload_url: http://yapcbx08.top/download.php?file=inrhed.exe
Targets

Target: f460acfcc99c9338b3f5fb3793f6cbb15daf76c2a79fd05f7398af5346150801 (filesize 2MB, score 10/10; MD5, SHA1, SHA256 and SHA512 identical to the General section above)

Signatures

  • CryptBot
    Description: A C++ stealer, widely distributed bundled with other software.
  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    TTPs: Query Registry; Virtualization/Sandbox Evasion
  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry; System Information Discovery
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files
  • Themida packer
    Description: Detects Themida, an advanced Windows software protection system.
  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry
  • Checks whether UAC is enabled
    TTPs: System Information Discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (tactic columns only; no technique cells survived extraction): Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation