Extracted

• • Target

    246e2208e8ddec77e2af5c023912596b_JaffaCakes118

  • Size

    2.6MB

  • MD5

    246e2208e8ddec77e2af5c023912596b

  • SHA1

    27502502a4937e6c842e6363c956424a8dd11ce2

  • SHA256

    93baef5c568d34947823fa1be790b7f580631e8724ee0203de9038c1366b8c57

  • SHA512

    89180fc082ad885b9509a955d696082ce791a9fd26fc033474ff8bb656a4076ef4ca41062d35b153917c08aede06b82cbfb8a0cd5ebe45fa29709cbfd5dd29c7

  • SSDEEP

    49152:8XK+wzmmfoCIUgdAqWvXrkapi9oUKjSUhl88BHR3GccQQPITsUW:T3PIUgdtQXrkapi2jhzdHRWcTQQT6

  Score

  10^/10

  cryptbotdiscoveryevasionspywarestealerthemidatrojan

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2