General
-
Target
43e41aec9e2c027a0316b7500f14b9d4.exe
-
Size
4.2MB
-
Sample
241218-ypvrjazlfz
-
MD5
43e41aec9e2c027a0316b7500f14b9d4
-
SHA1
599109f59debf7880dd9decfed047829241ac341
-
SHA256
f5743915756451135c9902ae18aa3b6f3727cb2ac4444acef3f6b3daeab2982c
-
SHA512
b8a53692dca178c97a5518317a8e3dbbce3d1535881d048530fba4f14719109b04ecd6bc6a98afaf0c67e077b49c69b87decd72c9adc7eb92245d9cb4f1867c7
-
SSDEEP
98304:2O2iTB5COUtEiSi3k5wZCgNLc/0VZp62iDrArPZ8QmtNOaR2xd5:2OjT/Crxj0erLc/0/NCrJCt
Static task
static1
Behavioral task
behavioral1
Sample
43e41aec9e2c027a0316b7500f14b9d4.exe
Resource
win7-20241010-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
43e41aec9e2c027a0316b7500f14b9d4.exe
-
Size
4.2MB
-
MD5
43e41aec9e2c027a0316b7500f14b9d4
-
SHA1
599109f59debf7880dd9decfed047829241ac341
-
SHA256
f5743915756451135c9902ae18aa3b6f3727cb2ac4444acef3f6b3daeab2982c
-
SHA512
b8a53692dca178c97a5518317a8e3dbbce3d1535881d048530fba4f14719109b04ecd6bc6a98afaf0c67e077b49c69b87decd72c9adc7eb92245d9cb4f1867c7
-
SSDEEP
98304:2O2iTB5COUtEiSi3k5wZCgNLc/0VZp62iDrArPZ8QmtNOaR2xd5:2OjT/Crxj0erLc/0/NCrJCt
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-