cryptbot

General

Target

749a3882d05266212ebedcb49511b7fda71192511f97cac95501dae70f1e8512
Size

2.1MB
Sample

220521-nw32dahdak
MD5

a078d1ec59b389b08d359afe86244523
SHA1

ca92e87b36a8663442cc626aafaaf718f236cbff
SHA256

749a3882d05266212ebedcb49511b7fda71192511f97cac95501dae70f1e8512
SHA512

92db17ba86487cc204a0037d0ad700f6deded61d530d289b4ee5e15da075271aa8a671c6433aabc1adc90a735d12bf17b494b949a63ea3d72605cf773c5fc68b

Score

10^/10

Malware Config

Targets

- Target
  
  749a3882d05266212ebedcb49511b7fda71192511f97cac95501dae70f1e8512
- Size
  
  2.1MB
- MD5
  
  a078d1ec59b389b08d359afe86244523
- SHA1
  
  ca92e87b36a8663442cc626aafaaf718f236cbff
- SHA256
  
  749a3882d05266212ebedcb49511b7fda71192511f97cac95501dae70f1e8512
- SHA512
  
  92db17ba86487cc204a0037d0ad700f6deded61d530d289b4ee5e15da075271aa8a671c6433aabc1adc90a735d12bf17b494b949a63ea3d72605cf773c5fc68b
Score

10^/10

cryptbot discovery evasion spyware stealer
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2