General

  • Target

    Crystal_Proxy_V1.5_Launcher.exe

  • Size

    9.8MB

  • Sample

    231011-mp5e7abc23

  • MD5

    b49565f96a274a09b91f8b9ac69b2732

  • SHA1

    48df856dafb42222c2ca17fcad9ef5b82bebb380

  • SHA256

    8f0b07e085dc1480df50fb3deeab387cc3008b1d1563c5c4b5294edb11010cbf

  • SHA512

    2a5967dc84750614b6ab1ba16d954d7093311fd59028522f8118553a8bfb19a8a299deca22d1bd13f29b3aa952a1a4a411d6e179608bf5725c4da1d15b946a3d

  • SSDEEP

    196608:DbjVhPvAnfnERIsCbTnNXL+d+Vo4/AyyHUR044XaGwlrO9R0:zVhWPERIsCXnNXLrVoeAy2kJuwlrWR0

Targets

    • Target

      Crystal_Proxy_V1.5_Launcher.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
