3c320ddeb57b9d6240cbaab26104e906dfa04a10115a773355a2157013e991a8

General
Target

3c320ddeb57b9d6240cbaab26104e906dfa04a10115a773355a2157013e991a8

Size

2MB

Sample

220117-lmpraahce9

Score
10 /10
MD5

c4205df402e07c22e7af5c73cfac31b2

SHA1

b2bb01e6eb9100b2068f2e008bd89f03230c6a39

SHA256

d3b9ef895c0023f920b80cdc47303013ee118805dbe49d178a571aff1a23d039

SHA512

f4fa661b4a97032fcd55dec3b218e035e8814f25a6213dafa3266815138d52a3d4c47da5d80eb70961e573ea8be218f451c312e8d59db057f9b9c74760109254

Malware Config

Extracted

Family cryptbot
C2

kotehj62.top

Attributes
payload_url
http://okadoc09.top/download.php?file=makeyr.exe
Targets
Target

3c320ddeb57b9d6240cbaab26104e906dfa04a10115a773355a2157013e991a8

MD5

71af238fbf3c5a3a2c2c3594f1ba8a32

Filesize

2MB

Score
10/10
SHA1

b9f49782704b14572985ca13b10842d3aa836ad0

SHA256

3c320ddeb57b9d6240cbaab26104e906dfa04a10115a773355a2157013e991a8

SHA512

fb12811297a22a71ead742dcde54357cf712c04ad690ed6103287f903592999fcde804357488e062fb8783a24394cc0ff23fa1ffbb9d15941e38873a75f59d7f

Tags

Signatures

  • CryptBot

    Description

    A C++ stealer distributed widely in bundle with other software.

    Tags

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery
  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Deletes itself

  • Themida packer

    Description

    Detects Themida, an advanced Windows software protection system.

    Tags

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation