General
-
Target
d2557aabb49b968605ce2c00de93de926d7a25f49f6f693ad822aff57c8a14b8.exe
-
Size
4.2MB
-
Sample
241217-e9mf4s1ke1
-
MD5
178c04a423c791c51c0d91ed1177dbce
-
SHA1
8e277a9244112abe7b8361db8a7853342b701e8a
-
SHA256
d2557aabb49b968605ce2c00de93de926d7a25f49f6f693ad822aff57c8a14b8
-
SHA512
70b219568b548f7a2ea1891de180155f054e96d5ec61193922290c1d7f00f9bebf9819a35b4f595fa830cd9cc4543e9a961dc429a168e9974518e74f9b8f20e0
-
SSDEEP
98304:epfS5aW8WrAftsGPpR0prkAPNBSwCsvxmevTGZDPjDDyL:gfSAFVtpupwA7dCs4lhPv2
Static task
static1
Behavioral task
behavioral1
Sample
d2557aabb49b968605ce2c00de93de926d7a25f49f6f693ad822aff57c8a14b8.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
d2557aabb49b968605ce2c00de93de926d7a25f49f6f693ad822aff57c8a14b8.exe
-
Size
4.2MB
-
MD5
178c04a423c791c51c0d91ed1177dbce
-
SHA1
8e277a9244112abe7b8361db8a7853342b701e8a
-
SHA256
d2557aabb49b968605ce2c00de93de926d7a25f49f6f693ad822aff57c8a14b8
-
SHA512
70b219568b548f7a2ea1891de180155f054e96d5ec61193922290c1d7f00f9bebf9819a35b4f595fa830cd9cc4543e9a961dc429a168e9974518e74f9b8f20e0
-
SSDEEP
98304:epfS5aW8WrAftsGPpR0prkAPNBSwCsvxmevTGZDPjDDyL:gfSAFVtpupwA7dCs4lhPv2
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-