General

  • Target

    d2557aabb49b968605ce2c00de93de926d7a25f49f6f693ad822aff57c8a14b8.exe

  • Size

    4.2MB

  • Sample

    241217-e9mf4s1ke1

  • MD5

    178c04a423c791c51c0d91ed1177dbce

  • SHA1

    8e277a9244112abe7b8361db8a7853342b701e8a

  • SHA256

    d2557aabb49b968605ce2c00de93de926d7a25f49f6f693ad822aff57c8a14b8

  • SHA512

    70b219568b548f7a2ea1891de180155f054e96d5ec61193922290c1d7f00f9bebf9819a35b4f595fa830cd9cc4543e9a961dc429a168e9974518e74f9b8f20e0

  • SSDEEP

    98304:epfS5aW8WrAftsGPpR0prkAPNBSwCsvxmevTGZDPjDDyL:gfSAFVtpupwA7dCs4lhPv2

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      d2557aabb49b968605ce2c00de93de926d7a25f49f6f693ad822aff57c8a14b8.exe

    • CryptBot

      CryptBot is a C++ information stealer, widely distributed by bundling it with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings are often read from the registry to detect virtual machines and sandboxes, because on a hypervisor they typically contain the hypervisor's name.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system. On its own this is weak evidence, since installers and update checkers read the same keys; alongside the VM and sandbox checks above it suggests profiling the host for analysis tooling.

    • Suspicious use of NtSetInformationThread with ThreadHideFromDebugger

      Once this thread information class (value 0x11) is set, the thread stops delivering debug events to an attached debugger, a common anti-debugging technique.
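
The registry-based signatures above (VirtualBox keys and ACPI tables, BIOS strings, Wine, Uninstall enumeration) can be turned into a triage check over a process's registry-access trace. The script below is an added example and is not code from the original report or from CryptBot. The key paths it matches are the standard Windows locations for each artefact; the trace line format, the sample events and the two thresholds are constructed for illustration and are not real telemetry from this sample.

```python
"""Flag registry-based sandbox/VM probing in a per-process registry trace.

Added example, not code from the original report or from CryptBot itself.
It scores a constructed Procmon/Sysmon-style event list against the registry
locations the report's signatures describe. The key paths are the standard
Windows locations for each artefact; the log line format and the thresholds
are assumptions chosen for illustration.
"""
import re
from collections import defaultdict

# Registry locations each signature corresponds to, as case-insensitive regexes
# matched against the full key path.
INDICATORS = {
    "virtualbox_guest_keys": r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions",
    "virtualbox_acpi": r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    "bios_info": r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)",
    "wine": r"\\SOFTWARE\\Wine($|\\)",
    "uninstall_enum": r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\[^\\]+",
}

# Reading a single Uninstall entry is normal (installers and update checkers do it);
# only treat it as enumeration once a process has touched this many distinct entries.
UNINSTALL_MIN_ENTRIES = 5
# Distinct indicator kinds a process must trigger before it is flagged.
FLAG_THRESHOLD = 3

REG_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey"}
LINE_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) op=(?P<op>\w+) path=(?P<path>.+)$")


def parse_line(line):
    """Parse one trace line into a dict, or None if it does not fit the assumed format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def match_indicators(path):
    """Names of all indicators whose pattern matches the given key path."""
    return [name for name, pat in INDICATORS.items() if re.search(pat, path, re.IGNORECASE)]


def score_trace(lines):
    """Return {pid: {indicator: [distinct paths]}} for pids with at least one hit."""
    per_pid = defaultdict(lambda: defaultdict(set))
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["op"] not in REG_OPS:
            continue
        for name in match_indicators(ev["path"]):
            per_pid[ev["pid"]][name].add(ev["path"].lower())

    result = {}
    for pid, hits in per_pid.items():
        # Drop Uninstall hits that do not reach the enumeration threshold.
        if len(hits.get("uninstall_enum", ())) < UNINSTALL_MIN_ENTRIES:
            hits.pop("uninstall_enum", None)
        if hits:
            result[pid] = {name: sorted(paths) for name, paths in hits.items()}
    return result


def flag_evasion(lines, threshold=FLAG_THRESHOLD):
    """Pids whose number of distinct indicator kinds reaches the threshold."""
    return sorted(pid for pid, hits in score_trace(lines).items() if len(hits) >= threshold)


# Constructed sample trace (not real telemetry): pid 4120 behaves like the
# report's signatures describe, pid 812 is a benign process that reads one
# Uninstall entry and its own Run key.
UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_TRACE = [
    r"10:01:02.001 pid=4120 op=RegOpenKey path=HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"10:01:02.003 pid=4120 op=RegQueryValue path=HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"10:01:02.004 pid=4120 op=RegQueryValue path=HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"10:01:02.010 pid=4120 op=RegOpenKey path=HKCU\SOFTWARE\Wine",
    r"10:01:02.012 pid=4120 op=RegOpenKey path=HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
    "10:01:02.020 pid=4120 op=RegQueryValue path=" + UNINSTALL + r"\7-Zip",
    "10:01:02.021 pid=4120 op=RegQueryValue path=" + UNINSTALL + r"\Google Chrome",
    "10:01:02.022 pid=4120 op=RegQueryValue path=" + UNINSTALL + r"\Mozilla Firefox",
    "10:01:02.023 pid=4120 op=RegQueryValue path=" + UNINSTALL + r"\Notepad++",
    "10:01:02.024 pid=4120 op=RegQueryValue path=" + UNINSTALL + r"\VLC media player",
    "10:01:02.025 pid=4120 op=RegQueryValue path=" + UNINSTALL + r"\Python 3.12",
    "10:01:05.000 pid=812 op=RegOpenKey path=" + UNINSTALL + r"\7-Zip",
    r"10:01:05.100 pid=812 op=RegQueryValue path=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "garbage line that should be ignored",
]

if __name__ == "__main__":
    for pid, hits in score_trace(SAMPLE_TRACE).items():
        print(pid, {name: len(paths) for name, paths in hits.items()})
    print("flagged:", flag_evasion(SAMPLE_TRACE))
```

The Uninstall threshold is the important caveat: a single read of an Uninstall entry is everyday behaviour, so only a sweep across many entries counts, and even then the verdict rests on the combination of indicator kinds rather than any one key. Tune both thresholds against a baseline of benign traces from the same environment before relying on the result.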

MITRE ATT&CK Enterprise v15

Tasks