General
-
Target
408c1e0d4128dd79da38e0685f991f260ed155a0c391dcea710b893c138fa65e.exe
-
Size
4.2MB
-
Sample
241123-csb8ps1qcm
-
MD5
bc7728211118c8205e3e731e353be4eb
-
SHA1
58c807907f5384a26a02ee042e2a8ac779acec53
-
SHA256
408c1e0d4128dd79da38e0685f991f260ed155a0c391dcea710b893c138fa65e
-
SHA512
9da4b443fbda39f21c3dd896da5df4e9b601553ee2e8705ea998efa6e57cd24aee44109314c57a0771e705ad45fe607e71522d07402a9eb59f6d82c83eca1c2a
-
SSDEEP
98304:s9fmFp2FtD8rp+xO1dA+p0EFxc178bb6FOsEWuRlcj5:mOFg/DeJdp0+C8iFOPe
Static task
static1
Behavioral task
behavioral1
Sample
408c1e0d4128dd79da38e0685f991f260ed155a0c391dcea710b893c138fa65e.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
408c1e0d4128dd79da38e0685f991f260ed155a0c391dcea710b893c138fa65e.exe
-
Size
4.2MB
-
MD5
bc7728211118c8205e3e731e353be4eb
-
SHA1
58c807907f5384a26a02ee042e2a8ac779acec53
-
SHA256
408c1e0d4128dd79da38e0685f991f260ed155a0c391dcea710b893c138fa65e
-
SHA512
9da4b443fbda39f21c3dd896da5df4e9b601553ee2e8705ea998efa6e57cd24aee44109314c57a0771e705ad45fe607e71522d07402a9eb59f6d82c83eca1c2a
-
SSDEEP
98304:s9fmFp2FtD8rp+xO1dA+p0EFxc178bb6FOsEWuRlcj5:mOFg/DeJdp0+C8iFOPe
-
Cryptbot family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1