General
Target: a218bb5d8493d8d0f5b62b86b93d39a3.exe
Size: 4.3MB
Sample: 241217-jttmpsvkew
MD5: a218bb5d8493d8d0f5b62b86b93d39a3
SHA1: faf1b153cc1888380ad0c3467665a63953007ac5
SHA256: f7cbdafe48014c544546ba8d96b207a92ce31d902d7152491d85a4b84a27a0f5
SHA512: 47a0f41075e7b1d7736d4ee0d2b8e16f4797da27e852cf4c4fadb83519f47c3811ca3350d1f719738a61c872d943a6db24c5600f5991f767e209a7a33f3a7d87
SSDEEP: 98304:H03IZP5gbtRghy4W3nPafnNONP1SVI5G111y47BqeVTk+Ch:HPZhgzp4zEp1yaS1y47B/
Static task: static1
Behavioral task: behavioral1
Sample: a218bb5d8493d8d0f5b62b86b93d39a3.exe
Resource: win7-20240708-en
Malware Config
Extracted: cryptbot
Targets
Target: a218bb5d8493d8d0f5b62b86b93d39a3.exe
Size: 4.3MB
MD5: a218bb5d8493d8d0f5b62b86b93d39a3
SHA1: faf1b153cc1888380ad0c3467665a63953007ac5
SHA256: f7cbdafe48014c544546ba8d96b207a92ce31d902d7152491d85a4b84a27a0f5
SHA512: 47a0f41075e7b1d7736d4ee0d2b8e16f4797da27e852cf4c4fadb83519f47c3811ca3350d1f719738a61c872d943a6db24c5600f5991f767e209a7a33f3a7d87
SSDEEP: 98304:H03IZP5gbtRghy4W3nPafnNONP1SVI5G111y47BqeVTk+Ch:HPZhgzp4zEp1yaS1y47B/
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger