General

  • Target

    c6382f68551414df7a15ae7f91134f073f4f7873fc50f0403c1577cac7f1d87b.exe

  • Size

    4.3MB

  • Sample

    241217-e5rv2a1rbj

  • MD5

    d07b71d8b42a7249751157d427cb95c9

  • SHA1

    e6eecba6c295a2ab3ea6074dbf7aae6288f60092

  • SHA256

    c6382f68551414df7a15ae7f91134f073f4f7873fc50f0403c1577cac7f1d87b

  • SHA512

    0c2d5a2e3814363e3a7ed146c7afdd579fbd0671ea01c6af036195343e5990f556b2895162b018583b4a3dddf1d21a9244d9e3fb2fab41c21939343b36cb6e93

  • SSDEEP

    98304:0KTb8IWDlO/EznhgG8OVyzj8qNoWqhwM4VSsiutWysw:Rf8IWhxznoOGSL1uWy

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      c6382f68551414df7a15ae7f91134f073f4f7873fc50f0403c1577cac7f1d87b.exe

    • Size

      4.3MB

    • MD5

      d07b71d8b42a7249751157d427cb95c9

    • SHA1

      e6eecba6c295a2ab3ea6074dbf7aae6288f60092

    • SHA256

      c6382f68551414df7a15ae7f91134f073f4f7873fc50f0403c1577cac7f1d87b

    • SHA512

      0c2d5a2e3814363e3a7ed146c7afdd579fbd0671ea01c6af036195343e5990f556b2895162b018583b4a3dddf1d21a9244d9e3fb2fab41c21939343b36cb6e93

    • SSDEEP

      98304:0KTb8IWDlO/EznhgG8OVyzj8qNoWqhwM4VSsiutWysw:Rf8IWhxznoOGSL1uWy

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks