General
- Target: 326b4baf6fa1e77ba3bf069e185ef94a8e718724462a47141702266dcd16ae77.exe
- Size: 4.3MB
- Sample: 241218-csgs7azmep
- MD5: e6ad9ba6b212c2a1599af444f00a2196
- SHA1: 1867794e4eea370d8823934a3b01d5a3a685c409
- SHA256: 326b4baf6fa1e77ba3bf069e185ef94a8e718724462a47141702266dcd16ae77
- SHA512: 9684ebb928283289e192260b5ad00f633c5ff9876a45e6a4b3a84bc52e355c0a6343ef4424d3247d27cf9aca32021dc3d5f34b4eb681c698e8c84eca2f512a61
- SSDEEP: 98304:m1k+271VyKdXY+GmDuu/AdMPcCy9f9GY+r6ZL/:m1WNXHGmUdMPxyNIY+k
Static task: static1
Behavioral task: behavioral1
- Sample: 326b4baf6fa1e77ba3bf069e185ef94a8e718724462a47141702266dcd16ae77.exe
- Resource: win7-20240903-en
Malware Config
- Extracted: cryptbot
Targets
- Target: 326b4baf6fa1e77ba3bf069e185ef94a8e718724462a47141702266dcd16ae77.exe
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger