Overview

overview

10

Static

static

3

5e8e38f8b1...52.exe

windows7-x64

10

5e8e38f8b1...52.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f1aefbe49a406f12313f1c56deb2e3cd.bin

  • Size

    4.1MB

  • Sample

    241119-ca3b6symcw

  • MD5

    6bc8f1bb694f5b3ef4e0c3a37656d86e

  • SHA1

    c1eb8adbffe5bb707ac30646dd60a6f4f30d82ef

  • SHA256

    8429c6a40fabe75cce8cf01a52879d7e36e992ee52f1220058b4e60eee8991ba

  • SHA512

    5890ff85a7374d6ceb0170fd4c007937f52362475e989d5849ed5d03e7496c582e92a007119c60f7362418d2d2adc6e5e7a308f022224512fac0d4cbd57a8332

  • SSDEEP

    98304:AP3fGCyrrWf4+XazgYwGP++qVn34bdQpOYQKNOGjf8kd2tFFEr:MGCyfZzEEa34byNrOGtDr

Score
10/10
cryptbotdiscoveryevasionspywarestealer

Malware Config

Targets

    • Target

      5e8e38f8b153083db2940a4a7e169f3118880ae012c12e87a7a976060d0b1b52.exe

    • Size

      4.2MB

    • MD5

      f1aefbe49a406f12313f1c56deb2e3cd

    • SHA1

      182c4978fd940c4d7f504fe985477fe0512cf1f9

    • SHA256

      5e8e38f8b153083db2940a4a7e169f3118880ae012c12e87a7a976060d0b1b52

    • SHA512

      69e0f083e93b3c0a5ee153e4c6b89cb50bc5bbc4fc9c589606856de518e5705d54219f5e0fda01a6b9d53e03ab76836d335bc3d4a47047590438abd51c36ef78

    • SSDEEP

      98304:4otD52k8suSvvYB9QkFhQ1wl+iuIW9sjOE9hr0bTBB98:4oSkld4bQkF6Cl+Vh09hrkBBC

    Score
    10/10
    cryptbotdiscoveryevasionspywarestealer

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Cryptbot family

      cryptbot

    • Detects CryptBot payload

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks