General
- Target: 09febedf5fe3b7498edd06359882ccb3b05d55a4e56cb6133960fe1723838845.exe
- Size: 4.3MB
- Sample: 241217-ch1hjsxjet
- MD5: ea9d4cdd2c3a08334a9bfca3cc42c9d3
- SHA1: 967238207fb0da446d69fb49c100bea5bb11c618
- SHA256: 09febedf5fe3b7498edd06359882ccb3b05d55a4e56cb6133960fe1723838845
- SHA512: d415b953eaaa3b2a78405489fc025c59afd24117d8af7943fd0fb0903dcb460f200f6ff95a08d1224cf622f6f66105eae6336ef9bc263a6af312a4f1e781216d
- SSDEEP: 98304:b98DkvjOH/d2ysJWzY5fZZiclXxeKr5WlozJaHoo3duoJo2:bgkSH/szJ6Y5fLiCT+iwIo38oG
Static task: static1
Behavioral task: behavioral1
- Sample: 09febedf5fe3b7498edd06359882ccb3b05d55a4e56cb6133960fe1723838845.exe
- Resource: win7-20240903-en
Malware Config
- Extracted: cryptbot
Targets
- Target: 09febedf5fe3b7498edd06359882ccb3b05d55a4e56cb6133960fe1723838845.exe
- Size: 4.3MB
- MD5: ea9d4cdd2c3a08334a9bfca3cc42c9d3
- SHA1: 967238207fb0da446d69fb49c100bea5bb11c618
- SHA256: 09febedf5fe3b7498edd06359882ccb3b05d55a4e56cb6133960fe1723838845
- SHA512: d415b953eaaa3b2a78405489fc025c59afd24117d8af7943fd0fb0903dcb460f200f6ff95a08d1224cf622f6f66105eae6336ef9bc263a6af312a4f1e781216d
- SSDEEP: 98304:b98DkvjOH/d2ysJWzY5fZZiclXxeKr5WlozJaHoo3duoJo2:bgkSH/szJ6Y5fLiCT+iwIo38oG
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger