General
Target: 510e153a1b4a81f907770f5b1c915abbb84654d4f87380cafc83638496ac2237
Size: 4.2MB
Sample: 241217-rt3jlssnfn
MD5: 9eea7a406260786422fb6755ba20ab24
SHA1: af41ce6bfd06ccc957245e1ea47b97649cf8b8c5
SHA256: 510e153a1b4a81f907770f5b1c915abbb84654d4f87380cafc83638496ac2237
SHA512: 0f91917a46db57f61d018f475195a3d4108750a8a0967f7c24691e3548f032739f6af67616156f4ea9ef5a1a6798abe1815f993ea31eafe7a4a422476e1a4476
SSDEEP: 98304:1unLEs3Q0/q+Q5ViiVAspoPjpb6COK7m5dL9lkZF:WR3/q+QXlVH40C853lkf
Static task: static1
Behavioral task: behavioral1
Sample: 510e153a1b4a81f907770f5b1c915abbb84654d4f87380cafc83638496ac2237.exe
Resource: win7-20240729-en
Malware Config
Extracted: cryptbot
Targets
Target: 510e153a1b4a81f907770f5b1c915abbb84654d4f87380cafc83638496ac2237
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger