Extracted

• • Target

    AppSetup.exe

  • Size

    25.2MB

  • MD5

    5b7ed610b565e03d6e39c317047b9366

  • SHA1

    e3e24adab846da04e3ebf8cce970fc88a0007083

  • SHA256

    6fb329bcf5ca14e6e33b5885f9a763dcbddd60d6328017046437ed74a0019658

  • SHA512

    a7cf712711f5adad3285dabda5c2ac02abb8a39f10e739319db2bcf6eab25c1793fd562bfa133ca7c8530d13b3dd7780fe4b0c96f501773477864b21c634efa1

  • SSDEEP

    196608:asF8oTaj3g2guPfSsS0/ct6WzLXzZtM+HDxS0/ct2:terg2guyLN8m/Z2SD0NY

  Score

  10^/10

  cryptbotspywarestealer

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Blocklisted process makes network request

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2