General
-
Target
c6382f68551414df7a15ae7f91134f073f4f7873fc50f0403c1577cac7f1d87b.exe
-
Size
4.3MB
-
Sample
241217-e5rv2a1rbj
-
MD5
d07b71d8b42a7249751157d427cb95c9
-
SHA1
e6eecba6c295a2ab3ea6074dbf7aae6288f60092
-
SHA256
c6382f68551414df7a15ae7f91134f073f4f7873fc50f0403c1577cac7f1d87b
-
SHA512
0c2d5a2e3814363e3a7ed146c7afdd579fbd0671ea01c6af036195343e5990f556b2895162b018583b4a3dddf1d21a9244d9e3fb2fab41c21939343b36cb6e93
-
SSDEEP
98304:0KTb8IWDlO/EznhgG8OVyzj8qNoWqhwM4VSsiutWysw:Rf8IWhxznoOGSL1uWy
Static task
static1
Behavioral task
behavioral1
Sample
c6382f68551414df7a15ae7f91134f073f4f7873fc50f0403c1577cac7f1d87b.exe
Resource
win7-20240708-en
Malware Config
Extracted
cryptbot
Targets
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-