General
-
Target
6acd081ddf2683294dc75bb6eecd6bad5480d822b425043f245daab1970a93d0.zip
-
Size
8.7MB
-
Sample
221130-jt2nbabd83
-
MD5
177a868778ea56c79ee409c979e1f276
-
SHA1
2776d3294be91cc252ed5cbe7d699b24f2e418af
-
SHA256
2fd280ab8f9ef860843debfda9842c445df48ead601bb92c611b884a04fea202
-
SHA512
f06dd2f7de7cd7e3d4992919eea8ebc8f351ff354c79056532e30a17b2c66085be3791201748a2191451da9e9a6b1119c8f5f011af08c5f8ece6a062787affa8
-
SSDEEP
196608:wGLkGWgLsspzfYRp/kRtPdjGp8gx9iZJL/c4Q0IVXk4x/A+PRidly5zvj/z:dOAg4zPdip8Sivc4Q0IVXFx/AGyl0vf
Malware Config
Targets
-
-
Target
6acd081ddf2683294dc75bb6eecd6bad5480d822b425043f245daab1970a93d0.exe
-
Size
8.7MB
-
MD5
2f56038a57495ab5608e1c67f7dbd688
-
SHA1
4da970efac6083ea26971c319671bcc2d6efd71a
-
SHA256
6acd081ddf2683294dc75bb6eecd6bad5480d822b425043f245daab1970a93d0
-
SHA512
12f1774ce6371fe1bcbee92107c46823694416e98068083e4d38c5a3381a4ca07b6d0895c6c09fb1c590fc20d9ed1e9928cedb6e0608a91c3addb4c9eee7520a
-
SSDEEP
196608:dDUIKAOLfrO/vgf8s3YLo71iEHj9kZVz/RV:dAIKRjrO/aILU1J9kx
Score10/10-
CryptBot
A C++ stealer distributed widely in bundle with other software.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-