General
-
Target
b2c5eff51d7f0692f552e043af3f5324cf25dccadda349d59c5dc5e95d265eb3.exe
-
Size
4.2MB
-
Sample
241123-dcdl9swpc1
-
MD5
12cd0d9c479c98fd981eec5c93de5b81
-
SHA1
d6eb3df1e15d86dca156f9e9d57b6faf62559b6c
-
SHA256
b2c5eff51d7f0692f552e043af3f5324cf25dccadda349d59c5dc5e95d265eb3
-
SHA512
74674519f5702f5347be782314b5fe4e68c3e00d0baac6dfe103b3f12d9a97fdd7876d56983d599162beef9d92a3294cfd2c2da00b7f6b7dd96effe9679b752c
-
SSDEEP
98304:xftFgAd10qZEMXgSAlTJtDUS6Ei5iO8u9YR/UnWm:xftFhb0q6MTA7eSXi5b87R/Un1
Static task
static1
Behavioral task
behavioral1
Sample
b2c5eff51d7f0692f552e043af3f5324cf25dccadda349d59c5dc5e95d265eb3.exe
Resource
win7-20240729-en
Malware Config
Targets
-
-
Target
b2c5eff51d7f0692f552e043af3f5324cf25dccadda349d59c5dc5e95d265eb3.exe
-
Size
4.2MB
-
MD5
12cd0d9c479c98fd981eec5c93de5b81
-
SHA1
d6eb3df1e15d86dca156f9e9d57b6faf62559b6c
-
SHA256
b2c5eff51d7f0692f552e043af3f5324cf25dccadda349d59c5dc5e95d265eb3
-
SHA512
74674519f5702f5347be782314b5fe4e68c3e00d0baac6dfe103b3f12d9a97fdd7876d56983d599162beef9d92a3294cfd2c2da00b7f6b7dd96effe9679b752c
-
SSDEEP
98304:xftFgAd10qZEMXgSAlTJtDUS6Ei5iO8u9YR/UnWm:xftFhb0q6MTA7eSXi5b87R/Un1
-
Cryptbot family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Uses browser remote debugging
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Modify Authentication Process
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1