Extracted

• • Target

    43d43cae0a7432a80a3ea1f12b6d134ee9814a46dbe8d5d7556f6d50f0a1506f

  • Size

    4.0MB

  • MD5

    d382233f2487e3a80ce6fe3947790698

  • SHA1

    e0432fb62e612bfde6c4a177207c96e0f98a3036

  • SHA256

    43d43cae0a7432a80a3ea1f12b6d134ee9814a46dbe8d5d7556f6d50f0a1506f

  • SHA512

    26ef09c884d7e10d2acbc9c774d16cedad26e1f8e9c5a08b9f09b79baa001e06af7e4d28c87e0c4a091b936dea7ae482d2a730d72390f8b56dd8410929ef2c9a

  • SSDEEP

    98304:TOevFArh176FXP44VgUhkB6cIvQeKuYz5mh3J5:TdFAN1anFhk4yeKuYOJ5

  Score

  10^/10

  cryptbotdiscoveryspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Cryptbot family

    cryptbot

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2