General

  • Target

    7c13f8b27fb0421f589aaada3eee149dfcbf4916240717ec4d18f07b545750a3.exe

  • Size

    4.2MB

  • Sample

    241219-dqe29awkdl

  • MD5

    d001ae31ba54295c5ffeac731279a162

  • SHA1

    397c71747241b8809e8b726fab65be1e587a3037

  • SHA256

    7c13f8b27fb0421f589aaada3eee149dfcbf4916240717ec4d18f07b545750a3

  • SHA512

    9ab3a40132c7319e0ec1e489fda9bca5d013fe956d58657a446a2411a2f0d1af98a82a8ffde09e832f28935c44dce9a3fa52da5132dbaf307fb88581adafc3e2

  • SSDEEP

    98304:rc5Qa+sFdxQUKrG7miP3IQ3CXxwkqrLSEf7WyI2gqYrcK0Trb:rcma+uPKrG7miwQ3CBwkqaEfKydBKY3

Malware Config

Extracted

Family

cryptbot

Targets

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks