General
- Target: 0c9ac016b38263da875782e7fd32cd5c.exe
- Size: 4.2MB
- Sample: 241217-kmltyswnfr
- MD5: 0c9ac016b38263da875782e7fd32cd5c
- SHA1: c81138a0fd251982dd17ec26efa677a84babbc39
- SHA256: 51ad49a33d4116003b1bbfa4be0009c232eb8309728e6903ceebeac326def1c0
- SHA512: b0f023a55887b60c1eb432caf2db4a4d90eab5838fd8411e7e7b606da3fa9a53ce8a65f153f9d3ce30cfce82d848a5aae3637bbfca01872233a304efff99a197
- SSDEEP: 98304:5GAdFqYLoMHlz3zc1V4nplSNwmo4Fd3mFR3c6iSPpp:lXqfIjc1Vypl5m1mP3JX
Static task: static1

Behavioral task: behavioral1
- Sample: 0c9ac016b38263da875782e7fd32cd5c.exe
- Resource: win7-20240708-en

Malware Config
- Extracted: cryptbot
Targets
- Target: 0c9ac016b38263da875782e7fd32cd5c.exe
- Size: 4.2MB
- MD5: 0c9ac016b38263da875782e7fd32cd5c
- SHA1: c81138a0fd251982dd17ec26efa677a84babbc39
- SHA256: 51ad49a33d4116003b1bbfa4be0009c232eb8309728e6903ceebeac326def1c0
- SHA512: b0f023a55887b60c1eb432caf2db4a4d90eab5838fd8411e7e7b606da3fa9a53ce8a65f153f9d3ce30cfce82d848a5aae3637bbfca01872233a304efff99a197
- SSDEEP: 98304:5GAdFqYLoMHlz3zc1V4nplSNwmo4Fd3mFR3c6iSPpp:lXqfIjc1Vypl5m1mP3JX

- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger