General
-
Target
7bdd52d200b7195b67e68677dfd53b48.exe
-
Size
4.3MB
-
Sample
241216-ktwmqstjds
-
MD5
7bdd52d200b7195b67e68677dfd53b48
-
SHA1
2c6e16d9905d1727f71cfb807d5f44fffb2bf34b
-
SHA256
0a0e9a6e074898066418d7916d49f16f262e58b4f670cdcebe17ded36bf0b1b8
-
SHA512
f913cfa2608e147ea1e837d4dfde32e91f12c482ae5f494c7f5516e9735bf6364bc5f4d8cf82bf1485fabf840b47854c4767bc7b673279ecbb12e7b258e9c847
-
SSDEEP
98304:jWBa44QD95F4DK0fhOyCkOv9FjK1nbOFfeMIHAq8jNJZDG6hQg:jWBl4mkK6HObjUKFfMHI5Dba
Static task
static1
Behavioral task
behavioral1
Sample
7bdd52d200b7195b67e68677dfd53b48.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
7bdd52d200b7195b67e68677dfd53b48.exe
-
Size
4.3MB
-
MD5
7bdd52d200b7195b67e68677dfd53b48
-
SHA1
2c6e16d9905d1727f71cfb807d5f44fffb2bf34b
-
SHA256
0a0e9a6e074898066418d7916d49f16f262e58b4f670cdcebe17ded36bf0b1b8
-
SHA512
f913cfa2608e147ea1e837d4dfde32e91f12c482ae5f494c7f5516e9735bf6364bc5f4d8cf82bf1485fabf840b47854c4767bc7b673279ecbb12e7b258e9c847
-
SSDEEP
98304:jWBa44QD95F4DK0fhOyCkOv9FjK1nbOFfeMIHAq8jNJZDG6hQg:jWBl4mkK6HObjUKFfMHI5Dba
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-