General
-
Target
7c13f8b27fb0421f589aaada3eee149dfcbf4916240717ec4d18f07b545750a3.exe
-
Size
4.2MB
-
Sample
241219-dqe29awkdl
-
MD5
d001ae31ba54295c5ffeac731279a162
-
SHA1
397c71747241b8809e8b726fab65be1e587a3037
-
SHA256
7c13f8b27fb0421f589aaada3eee149dfcbf4916240717ec4d18f07b545750a3
-
SHA512
9ab3a40132c7319e0ec1e489fda9bca5d013fe956d58657a446a2411a2f0d1af98a82a8ffde09e832f28935c44dce9a3fa52da5132dbaf307fb88581adafc3e2
-
SSDEEP
98304:rc5Qa+sFdxQUKrG7miP3IQ3CXxwkqrLSEf7WyI2gqYrcK0Trb:rcma+uPKrG7miwQ3CBwkqaEfKydBKY3
Static task
static1
Behavioral task
behavioral1
Sample
7c13f8b27fb0421f589aaada3eee149dfcbf4916240717ec4d18f07b545750a3.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
7c13f8b27fb0421f589aaada3eee149dfcbf4916240717ec4d18f07b545750a3.exe
-
Size
4.2MB
-
MD5
d001ae31ba54295c5ffeac731279a162
-
SHA1
397c71747241b8809e8b726fab65be1e587a3037
-
SHA256
7c13f8b27fb0421f589aaada3eee149dfcbf4916240717ec4d18f07b545750a3
-
SHA512
9ab3a40132c7319e0ec1e489fda9bca5d013fe956d58657a446a2411a2f0d1af98a82a8ffde09e832f28935c44dce9a3fa52da5132dbaf307fb88581adafc3e2
-
SSDEEP
98304:rc5Qa+sFdxQUKrG7miP3IQ3CXxwkqrLSEf7WyI2gqYrcK0Trb:rcma+uPKrG7miwQ3CBwkqaEfKydBKY3
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-