Overview

overview

10

Static

static

3

824ef75fae...f2.exe

windows7-x64

10

824ef75fae...f2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    824ef75faebd97dd282475248249fd1f82fc29205f3cd22b1c6f6ccc917738f2

  • Size

    4.2MB

  • Sample

    241113-ac87dssnby

  • MD5

    583272ce60e7cc8fc66f1fcf1432d062

  • SHA1

    cba60f72de2a68fabeedffa934211135d9ae2e3a

  • SHA256

    824ef75faebd97dd282475248249fd1f82fc29205f3cd22b1c6f6ccc917738f2

  • SHA512

    6ac31f5eae07ba1d7b058c4b96d1efeeda8c2d65a6b3e6d2f2e49c20c777e14323eb0db652c15bff5b5f173f2d2193d99cf80928603cbc8af939c3d9c6f93989

  • SSDEEP

    98304:BlKVuH3G+6QKpdL1SiqVHDVLGVzAHKku:BlKVuXG+6QKpdLmOa

Score
10/10
cryptbotcredential_accessdiscoveryevasionspywarestealer

Malware Config

Targets

    • Target

      824ef75faebd97dd282475248249fd1f82fc29205f3cd22b1c6f6ccc917738f2

    • Size

      4.2MB

    • MD5

      583272ce60e7cc8fc66f1fcf1432d062

    • SHA1

      cba60f72de2a68fabeedffa934211135d9ae2e3a

    • SHA256

      824ef75faebd97dd282475248249fd1f82fc29205f3cd22b1c6f6ccc917738f2

    • SHA512

      6ac31f5eae07ba1d7b058c4b96d1efeeda8c2d65a6b3e6d2f2e49c20c777e14323eb0db652c15bff5b5f173f2d2193d99cf80928603cbc8af939c3d9c6f93989

    • SSDEEP

      98304:BlKVuH3G+6QKpdL1SiqVHDVLGVzAHKku:BlKVuXG+6QKpdLmOa

    Score
    10/10
    cryptbotcredential_accessdiscoveryevasionspywarestealer

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Cryptbot family

      cryptbot

    • Detects CryptBot payload

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Uses browser remote debugging

      Can be used control the browser and steal sensitive information such as credentials and session cookies.

      credential_accessstealer

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks