General

  • Target

    7bdd52d200b7195b67e68677dfd53b48.exe

  • Size

    4.3MB

  • Sample

    241216-ktwmqstjds

  • MD5

    7bdd52d200b7195b67e68677dfd53b48

  • SHA1

    2c6e16d9905d1727f71cfb807d5f44fffb2bf34b

  • SHA256

    0a0e9a6e074898066418d7916d49f16f262e58b4f670cdcebe17ded36bf0b1b8

  • SHA512

    f913cfa2608e147ea1e837d4dfde32e91f12c482ae5f494c7f5516e9735bf6364bc5f4d8cf82bf1485fabf840b47854c4767bc7b673279ecbb12e7b258e9c847

  • SSDEEP

    98304:jWBa44QD95F4DK0fhOyCkOv9FjK1nbOFfeMIHAq8jNJZDG6hQg:jWBl4mkK6HObjUKFfMHI5Dba

Malware Config

Extracted

Family

cryptbot

Targets

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundles with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks