General
-
Target
68dbf9ee186dd2a81142d255b9d384b9a5886a576bec570bdfa76e9ee9a7a39e(CriptBot).zip
-
Size
6.5MB
-
Sample
230318-t3yccsfa4x
-
MD5
db880c7b47d0b8c6ce5ff838cf95ccd6
-
SHA1
c28f864698fd3c42325ddb871263d9cc3262e0d5
-
SHA256
e2308498f1f730093ddf3668d212fae78dcb2bd1722cafbba38bed30ea0af056
-
SHA512
ee12fde71545eff2ddad2cbfe8cbc22f9648fa8e00a2f0b5d5dc417a5cf71eebd913098b5fc5ca825c482da00c88d2d7299e2041ea91158af10872c3de47fe23
-
SSDEEP
196608:2+ON0aLFH3i+2CDZfUmC7iS6DMkvTt7gMNikew:9D492gZm7RO/lNikew
Static task
static1
Malware Config
Targets
-
-
Target
68dbf9ee186dd2a81142d255b9d384b9a5886a576bec570bdfa76e9ee9a7a39e.exe
-
Size
6.9MB
-
MD5
964210bbe9ccdd4289aafb49fe2eba8f
-
SHA1
07f0d6cbcbb41009f81e325c33ab8b94e0c35d6d
-
SHA256
68dbf9ee186dd2a81142d255b9d384b9a5886a576bec570bdfa76e9ee9a7a39e
-
SHA512
515274fef4f183b7cf67b74de479623449ad707d102c811414bd797a51f38b990f698aa1c5895b26fa0c71608a5a3e93604bf05b9da30ec5a26d88a9316ffa9e
-
SSDEEP
98304:gt3yRBVbDaNePUgYwn2hkAABPRVbu8Bn1jmd2XFpurnlWkPUvCOuZGj/JflYVY+:6yBbLPUgYlaHnBnBDFpu7MUUvbuZU/M
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-