General

  • Target

    68dbf9ee186dd2a81142d255b9d384b9a5886a576bec570bdfa76e9ee9a7a39e(CriptBot).zip

  • Size

    6.5MB

  • Sample

    230318-t3yccsfa4x

  • MD5

    db880c7b47d0b8c6ce5ff838cf95ccd6

  • SHA1

    c28f864698fd3c42325ddb871263d9cc3262e0d5

  • SHA256

    e2308498f1f730093ddf3668d212fae78dcb2bd1722cafbba38bed30ea0af056

  • SHA512

    ee12fde71545eff2ddad2cbfe8cbc22f9648fa8e00a2f0b5d5dc417a5cf71eebd913098b5fc5ca825c482da00c88d2d7299e2041ea91158af10872c3de47fe23

  • SSDEEP

    196608:2+ON0aLFH3i+2CDZfUmC7iS6DMkvTt7gMNikew:9D492gZm7RO/lNikew

Malware Config

Targets

    • Target

      68dbf9ee186dd2a81142d255b9d384b9a5886a576bec570bdfa76e9ee9a7a39e.exe

    • Size

      6.9MB

    • MD5

      964210bbe9ccdd4289aafb49fe2eba8f

    • SHA1

      07f0d6cbcbb41009f81e325c33ab8b94e0c35d6d

    • SHA256

      68dbf9ee186dd2a81142d255b9d384b9a5886a576bec570bdfa76e9ee9a7a39e

    • SHA512

      515274fef4f183b7cf67b74de479623449ad707d102c811414bd797a51f38b990f698aa1c5895b26fa0c71608a5a3e93604bf05b9da30ec5a26d88a9316ffa9e

    • SSDEEP

      98304:gt3yRBVbDaNePUgYwn2hkAABPRVbu8Bn1jmd2XFpurnlWkPUvCOuZGj/JflYVY+:6yBbLPUgYlaHnBnBDFpu7MUUvbuZU/M

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables whose OEM ID is VBOX__, visible under HKLM\HARDWARE\ACPI (for example HKLM\HARDWARE\ACPI\DSDT\VBOX__); probing for these keys is a common way to detect the hypervisor before running the payload.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved logins, cookies and autofill data.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; malware uses this to decide whether an elevation attempt would trigger a prompt.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops an attached debugger from receiving events for that thread (anti-debugging).

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic, then technique (number of matching signatures) and technique ID:

  • Defense Evasion

    Virtualization/Sandbox Evasion (1) T1497

  • Credential Access

    Credentials in Files (2) T1081

  • Discovery

    Query Registry (6) T1012
    Virtualization/Sandbox Evasion (1) T1497
    System Information Discovery (6) T1082
    Peripheral Device Discovery (2) T1120

  • Collection

    Data from Local System (2) T1005
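The behaviour signatures listed for the dropped EXE and the ATT&CK matrix above are the kind of output a sandbox derives from a process's registry, file and API activity. The following is an added example (not the sandbox's own signature engine and not code from the sample) that runs that classification over a constructed activity log: it matches each event against rules for the signatures on this page and collapses the hits into ATT&CK v6 technique IDs. The registry locations are standard Windows paths; the browser and wallet file layouts, the log format, the sample events and the pairing of each signature with a technique ID are this example's assumptions, chosen to agree with the matrix above.

```python
import re

# Signature rules modelled on the behaviour list above. Each entry: signature
# name, ATT&CK v6 technique IDs credited for it (an assumption of this example;
# the sandbox's own mapping is not shown on the page), a regex on the event
# operation and a regex on the operation's target. Registry paths are standard
# Windows locations; the Chromium and Exodus file layouts are assumed.
RULES = [
    ("Identifies VirtualBox via ACPI registry values", ("T1497",),
     r"^Reg", r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ("Checks BIOS information in registry", ("T1082",),
     r"^Reg", r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\"),
    ("Checks installed software on the system", ("T1012",),
     r"^Reg", r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"),
    ("Checks whether UAC is enabled", ("T1012",),
     r"^Reg", r"\\Policies\\System\\EnableLUA$"),
    ("Maps connected drives based on registry", ("T1120",),
     r"^Reg", r"\\SYSTEM\\MountedDevices"),
    ("Reads user/profile data of web browsers", ("T1005", "T1081"),
     r"^(CreateFile|ReadFile)$", r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"),
    ("Accesses cryptocurrency files/wallets", ("T1005", "T1081"),
     r"^(CreateFile|ReadFile)$", r"\\(Exodus|Electrum|Ethereum)\\"),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", (),
     r"^NtSetInformationThread$", r"^ThreadHideFromDebugger$"),
]

# Constructed host-activity log (not output from the sample): one event per
# line as "operation|target". The last two lines are benign and must not fire.
SAMPLE_LOG = r"""
RegOpenKey|HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
RegQueryValue|HKLM\SYSTEM\MountedDevices\\DosDevices\C:
CreateFile|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
CreateFile|C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco
NtSetInformationThread|ThreadHideFromDebugger
RegQueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop
CreateFile|C:\Windows\System32\kernel32.dll
"""


def parse_log(text):
    """Turn 'operation|target' lines into event dicts, skipping blanks/comments."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        op, _, target = line.partition("|")
        events.append({"op": op, "target": target})
    return events


def match_events(events):
    """Return {signature: [targets]} for every rule an event satisfies.
    Targets are compared case-insensitively, as Windows paths and keys are."""
    hits = {}
    for ev in events:
        for sig, _techs, op_re, target_re in RULES:
            if re.search(op_re, ev["op"]) and re.search(target_re, ev["target"], re.IGNORECASE):
                hits.setdefault(sig, []).append(ev["target"])
    return hits


def attack_techniques(hits):
    """Collapse fired signatures into the sorted set of ATT&CK v6 technique IDs."""
    return sorted({t for sig, techs, _, _ in RULES if sig in hits for t in techs})


def is_anti_analysis_heavy(hits, threshold=3):
    """Triage heuristic: each anti-VM/anti-debug check has benign users, but
    several of them together in one process are a much stronger signal."""
    anti = {"Identifies VirtualBox via ACPI registry values",
            "Checks BIOS information in registry",
            "Maps connected drives based on registry",
            "Suspicious use of NtSetInformationThreadHideFromDebugger"}
    return len(anti & set(hits)) >= threshold


if __name__ == "__main__":
    found = match_events(parse_log(SAMPLE_LOG))
    for sig, targets in found.items():
        print(f"{sig}: {targets}")
    print("ATT&CK:", ", ".join(attack_techniques(found)))
    print("anti-analysis heavy:", is_anti_analysis_heavy(found))
```

Feeding the constructed log through match_events fires all eight rules exactly once and leaves the two benign events unmatched; attack_techniques then yields T1005, T1012, T1081, T1082, T1120 and T1497, the same IDs the matrix lists. Real sandbox traces are far noisier, so a practitioner would tune the target regexes against known-benign runs before relying on any single rule, which is why the combined anti-analysis flag is the more useful verdict.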

Tasks