General

  • Target

    a218bb5d8493d8d0f5b62b86b93d39a3.exe

  • Size

    4.3MB

  • Sample

    241217-jttmpsvkew

  • MD5

    a218bb5d8493d8d0f5b62b86b93d39a3

  • SHA1

    faf1b153cc1888380ad0c3467665a63953007ac5

  • SHA256

    f7cbdafe48014c544546ba8d96b207a92ce31d902d7152491d85a4b84a27a0f5

  • SHA512

    47a0f41075e7b1d7736d4ee0d2b8e16f4797da27e852cf4c4fadb83519f47c3811ca3350d1f719738a61c872d943a6db24c5600f5991f767e209a7a33f3a7d87

  • SSDEEP

    98304:H03IZP5gbtRghy4W3nPafnNONP1SVI5G111y47BqeVTk+Ch:HPZhgzp4zEp1yaS1y47B/

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      a218bb5d8493d8d0f5b62b86b93d39a3.exe

    • Size

      4.3MB

    • MD5

      a218bb5d8493d8d0f5b62b86b93d39a3

    • SHA1

      faf1b153cc1888380ad0c3467665a63953007ac5

    • SHA256

      f7cbdafe48014c544546ba8d96b207a92ce31d902d7152491d85a4b84a27a0f5

    • SHA512

      47a0f41075e7b1d7736d4ee0d2b8e16f4797da27e852cf4c4fadb83519f47c3811ca3350d1f719738a61c872d943a6db24c5600f5991f767e209a7a33f3a7d87

    • SSDEEP

      98304:H03IZP5gbtRghy4W3nPafnNONP1SVI5G111y47BqeVTk+Ch:HPZhgzp4zEp1yaS1y47B/

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks