General

  • Target

    09febedf5fe3b7498edd06359882ccb3b05d55a4e56cb6133960fe1723838845.exe

  • Size

    4.3MB

  • Sample

    241217-ch1hjsxjet

  • MD5

    ea9d4cdd2c3a08334a9bfca3cc42c9d3

  • SHA1

    967238207fb0da446d69fb49c100bea5bb11c618

  • SHA256

    09febedf5fe3b7498edd06359882ccb3b05d55a4e56cb6133960fe1723838845

  • SHA512

    d415b953eaaa3b2a78405489fc025c59afd24117d8af7943fd0fb0903dcb460f200f6ff95a08d1224cf622f6f66105eae6336ef9bc263a6af312a4f1e781216d

  • SSDEEP

    98304:b98DkvjOH/d2ysJWzY5fZZiclXxeKr5WlozJaHoo3duoJo2:bgkSH/szJ6Y5fLiCT+iwIo38oG

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      09febedf5fe3b7498edd06359882ccb3b05d55a4e56cb6133960fe1723838845.exe

    • Size

      4.3MB

    • MD5

      ea9d4cdd2c3a08334a9bfca3cc42c9d3

    • SHA1

      967238207fb0da446d69fb49c100bea5bb11c618

    • SHA256

      09febedf5fe3b7498edd06359882ccb3b05d55a4e56cb6133960fe1723838845

    • SHA512

      d415b953eaaa3b2a78405489fc025c59afd24117d8af7943fd0fb0903dcb460f200f6ff95a08d1224cf622f6f66105eae6336ef9bc263a6af312a4f1e781216d

    • SSDEEP

      98304:b98DkvjOH/d2ysJWzY5fZZiclXxeKr5WlozJaHoo3duoJo2:bgkSH/szJ6Y5fLiCT+iwIo38oG

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) hides the calling thread from an attached debugger, so debug events from that thread are no longer delivered to it. This is a common anti-debugging technique.
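The behavioral signatures above are all derived from registry and syscall activity observed in the sandbox. The following Python script is an added example, not code from the report or from the sandbox vendor: it replays a constructed API trace (the pid|api|argument format and every line in it are assumptions, not data from this sample) against rules that map well-known anti-VM, anti-sandbox and anti-debug artifacts (VirtualBox Guest Additions and VBox* service keys, the VBOX__ ACPI table keys, HARDWARE\DESCRIPTION\System\BIOS, Software\Wine, the Uninstall key, and ThreadHideFromDebugger = 0x11) to the signature names used on this page, and scores how many distinct anti-analysis checks fired.

```python
import re
from collections import defaultdict

# Constructed API-trace lines (assumption; not taken from the sandbox report).
# Format: pid|api|argument, one registry or syscall event per line.
SAMPLE_TRACE = """\
2460|RegOpenKeyExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Oracle\\VirtualBox Guest Additions
2460|RegOpenKeyExW|HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__
2460|RegQueryValueExW|HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
2460|RegOpenKeyExW|HKEY_CURRENT_USER\\Software\\Wine
2460|RegEnumKeyExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
2460|NtSetInformationThread|ThreadInformationClass=0x11
2460|RegOpenKeyExW|HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""

# Long hive names as logged by API monitors, mapped to the short forms used in the rules.
HIVES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_USERS": "HKU",
}

# Registry artifacts keyed to the signature names used in the report.
REGISTRY_RULES = [
    ("Enumerates VirtualBox registry keys",
     re.compile(r"^HKLM\\(SOFTWARE\\Oracle\\VirtualBox Guest Additions"
                r"|SYSTEM\\CurrentControlSet\\Services\\VBox(Guest|Mouse|Service|SF|Video))", re.I)),
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion|VideoBiosVersion)", re.I)),
    ("Identifies Wine through registry keys",
     re.compile(r"^HK(LM|CU)\\Software\\Wine\b", re.I)),
    ("Checks installed software on the system",
     re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)),
]

# NtSetInformationThread information class that hides a thread from the debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
HIDE_SIGNATURE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Signatures that indicate analysis evasion (the Uninstall enumeration is discovery, not evasion).
ANTI_ANALYSIS = {name for name, _ in REGISTRY_RULES if name != "Checks installed software on the system"}
ANTI_ANALYSIS.add(HIDE_SIGNATURE)


def normalize_key(path):
    """Rewrite HKEY_LOCAL_MACHINE\\... to HKLM\\... so one rule set covers both spellings."""
    hive, sep, rest = path.partition("\\")
    return HIVES.get(hive.upper(), hive.upper()) + sep + rest


def parse_trace(text):
    """Split the pid|api|argument trace into (pid, api, argument) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, api, arg = line.split("|", 2)
        events.append((int(pid), api, arg))
    return events


def match_signatures(events):
    """Return {signature name: [matching arguments]} for every rule that fires."""
    hits = defaultdict(list)
    for _pid, api, arg in events:
        if api.startswith("Reg"):
            key = normalize_key(arg)
            for name, pattern in REGISTRY_RULES:
                if pattern.search(key):
                    hits[name].append(key)
        elif api == "NtSetInformationThread":
            m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg)
            if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits[HIDE_SIGNATURE].append(arg)
    return dict(hits)


def evasion_score(hits):
    """Count distinct anti-VM / anti-sandbox / anti-debug signatures that fired."""
    return sum(1 for name in hits if name in ANTI_ANALYSIS)


if __name__ == "__main__":
    results = match_signatures(parse_trace(SAMPLE_TRACE))
    for name, keys in results.items():
        print(f"{name}: {keys}")
    print("anti-analysis signatures:", evasion_score(results))
```

Because each rule is independent, a single key access can satisfy more than one signature, and an unrelated access (the Run key in the sample trace) matches nothing. The score only counts distinct signatures, so a sample that hammers one VBox key in a loop is not rated more evasive than one that probes VirtualBox, the BIOS and the debugger once each.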

MITRE ATT&CK Enterprise v15

Tasks