General
-
Target
40147209edc2604a1d653bf65890c705939237f79a43ec544dfc74343777923c.exe
-
Size
4.2MB
-
Sample
241219-c6ntnatmey
-
MD5
079795064f41b5e6be3580417649285b
-
SHA1
25f3575baaf1808837cc6cefa61e340d5f6b8352
-
SHA256
40147209edc2604a1d653bf65890c705939237f79a43ec544dfc74343777923c
-
SHA512
dc0ec23df0f74aa4f6ee48b1e0a8b5c70067daade43090debc504f561cf75de92893f202c1eb28fef4f6bdb420fac1cac191a01fc4bad60ba8b7ed26fbd6beec
-
SSDEEP
98304:4x4a5Y8VxDDHZFfgCnKTMEs20dMAKc1WNpq3E8rEVZbZW:Na5Y8Vx1FuTMEsXiTN800MZlW
Static task
static1
Behavioral task
behavioral1
Sample
40147209edc2604a1d653bf65890c705939237f79a43ec544dfc74343777923c.exe
Resource
win7-20240729-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
40147209edc2604a1d653bf65890c705939237f79a43ec544dfc74343777923c.exe
-
Size
4.2MB
-
MD5
079795064f41b5e6be3580417649285b
-
SHA1
25f3575baaf1808837cc6cefa61e340d5f6b8352
-
SHA256
40147209edc2604a1d653bf65890c705939237f79a43ec544dfc74343777923c
-
SHA512
dc0ec23df0f74aa4f6ee48b1e0a8b5c70067daade43090debc504f561cf75de92893f202c1eb28fef4f6bdb420fac1cac191a01fc4bad60ba8b7ed26fbd6beec
-
SSDEEP
98304:4x4a5Y8VxDDHZFfgCnKTMEs20dMAKc1WNpq3E8rEVZbZW:Na5Y8Vx1FuTMEsXiTN800MZlW
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-