General
Target: bdbc46f258f283a8b86c94a0f2c9b66c2ff4a35605b836034b27671b4c5974e8N
Size: 9.2MB
Sample: 241004-hxz38a1apm
MD5: d511554c3e89879625547bfe436cbf80
SHA1: df37505e4f1bc919432b5a80c1f5d32484438ce8
SHA256: bdbc46f258f283a8b86c94a0f2c9b66c2ff4a35605b836034b27671b4c5974e8
SHA512: 360b811f826e6d695d7f1659503b33db92b8c43001f05666b2820c587a95f62e079c0ddb3b23d0159767a29835da6386c882e5383a88629fe562d251df9bdcd9
SSDEEP: 196608:lQKdvgDDwRB/rYSExCaWeQx12c00AL3MBEre9s4mEqaB2R5oBPLm8eiveeeI/:JVSDwRZYSExCaxk2rgR9saZk5CPSivem
Static task: static1
Behavioral task: behavioral1
Sample: bdbc46f258f283a8b86c94a0f2c9b66c2ff4a35605b836034b27671b4c5974e8N.exe
Resource: win7-20240903-en
Malware Config
Extracted: cryptbot
forcj4vs.top
analforeverlovyu.top
url_path: /v1/upload.php
Targets
- Possible privilege escalation attempt
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Suspicious use of NtSetInformationThreadHideFromDebugger