General

  • Target

    c26861430d8dabfd4ad23d387928b14a269071468a33ff37f9a32638341972e3.exe

  • Size

    4.2MB

  • Sample

    241219-egalvawqax

  • MD5

    c640a058cdfe8c320e2386c8d67382d1

  • SHA1

    e036827bcbbbaf67892aa19e2e1b1ffe5b83d2b8

  • SHA256

    c26861430d8dabfd4ad23d387928b14a269071468a33ff37f9a32638341972e3

  • SHA512

    1786e94fac2716976bbf7cb3b57a52ecaae45c3d55c07400123b3de64441d7bffd53b9de65cb510f288edbe800abdde2172dc79b1c7063d96b7135986ee9e1d1

  • SSDEEP

    98304:IyksB4edU4BV1uQpt7COs0TxlHqrIqo0uJd3x:Tv4eHB/x1W8qo0q

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      c26861430d8dabfd4ad23d387928b14a269071468a33ff37f9a32638341972e3.exe

    • Size

      4.2MB

    • MD5

      c640a058cdfe8c320e2386c8d67382d1

    • SHA1

      e036827bcbbbaf67892aa19e2e1b1ffe5b83d2b8

    • SHA256

      c26861430d8dabfd4ad23d387928b14a269071468a33ff37f9a32638341972e3

    • SHA512

      1786e94fac2716976bbf7cb3b57a52ecaae45c3d55c07400123b3de64441d7bffd53b9de65cb510f288edbe800abdde2172dc79b1c7063d96b7135986ee9e1d1

    • SSDEEP

      98304:IyksB4edU4BV1uQpt7COs0TxlHqrIqo0uJd3x:Tv4eHB/x1W8qo0q

    • CryptBot

      CryptBot is an information stealer written in C++ that is widely distributed by bundling it with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings stored in the registry are often read to detect virtual machines and sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment; the registry keys it creates reveal its presence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class hides the calling thread from an attached debugger, a common anti-debugging technique.
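The signatures above are the sandbox's matches on this sample's registry and native-API activity. The following Python is an added example, not code from the report or from the sandbox that produced it: it applies equivalent matching rules to a constructed API-call trace and reports which anti-VM, anti-sandbox and anti-debug signatures fire, so that a practitioner can see how such verdicts are derived and adapt the rules to their own trace format. The trace format, the hypothetical registry paths (the VirtualBox Guest Additions key, the VBOX__ ACPI table key, the BIOS values under HARDWARE\DESCRIPTION\System, the Wine keys and the Uninstall key) and the thread handle are my assumptions about what these probes typically look like; the report itself does not list them.

```python
"""Added example (not the sandbox's own code): re-derive the report's
anti-analysis signatures from a constructed Windows API-call trace."""
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed trace (not from the report), one call per line, tab-separated:
#   API name <TAB> registry key or handle <TAB> value name / extra argument
# The registry paths are assumptions about what these probes usually look like.
SAMPLE_TRACE = (
    "RegOpenKeyExW\tHKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions\n"
    "RegQueryValueExW\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__\n"
    "RegQueryValueExW\tHKLM\\HARDWARE\\DESCRIPTION\\System\tSystemBiosVersion\n"
    "RegOpenKeyExW\tHKCU\\Software\\Wine\n"
    "RegEnumKeyExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\n"
    "NtSetInformationThread\t0x1f4\tThreadInformationClass=0x11\n"
    "RegOpenKeyExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
)


class Signature(NamedTuple):
    name: str
    api: str             # regex on the API name
    key: Optional[str]   # regex on the key/handle field (None = any)
    arg: Optional[str]   # regex on the value/argument field (None = any)


REG = r"^Reg\w+"
SIGNATURES = [
    Signature("Enumerates VirtualBox registry keys", REG,
              r"\\Oracle\\VirtualBox Guest Additions$", None),
    Signature("Identifies VirtualBox via ACPI registry values", REG,
              r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", None),
    Signature("Checks BIOS information in registry", REG,
              r"\\HARDWARE\\DESCRIPTION\\System$", r"^(System|Video)Bios"),
    Signature("Identifies Wine through registry keys", REG,
              r"^HK(CU|LM)\\Software\\Wine$", None),
    Signature("Checks installed software on the system", REG,
              r"\\CurrentVersion\\Uninstall$", None),
    # THREADINFOCLASS 0x11 is ThreadHideFromDebugger.
    Signature("Suspicious use of NtSetInformationThreadHideFromDebugger",
              r"^NtSetInformationThread$", None, r"ThreadInformationClass=0x11$"),
]

ANTI_VM = {"Enumerates VirtualBox registry keys",
           "Identifies VirtualBox via ACPI registry values",
           "Checks BIOS information in registry",
           "Identifies Wine through registry keys"}
ANTI_DEBUG = {"Suspicious use of NtSetInformationThreadHideFromDebugger"}


def parse_trace(text):
    """Yield (line number, api, key, arg) for each non-empty trace line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        fields += [""] * (3 - len(fields))   # pad missing columns
        yield lineno, fields[0], fields[1], fields[2]


def scan(text):
    """Return {signature name: [matching trace line numbers]}."""
    hits = defaultdict(list)
    for lineno, api, key, arg in parse_trace(text):
        for sig in SIGNATURES:
            if not re.search(sig.api, api):
                continue
            if sig.key and not re.search(sig.key, key, re.I):
                continue
            if sig.arg and not re.search(sig.arg, arg, re.I):
                continue
            hits[sig.name].append(lineno)
    return dict(hits)


def summarize(hits):
    """Collapse fired signatures into the two verdicts an analyst cares about."""
    fired = set(hits)
    return {
        "anti_vm": bool(fired & ANTI_VM),
        "anti_debug": bool(fired & ANTI_DEBUG),
        "evasion_signatures": sorted(fired & (ANTI_VM | ANTI_DEBUG)),
    }


if __name__ == "__main__":
    found = scan(SAMPLE_TRACE)
    for name, lines in found.items():
        print(f"{name}: trace lines {lines}")
    print(summarize(found))
```

Note that the "Checks installed software" signature is deliberately excluded from the evasion verdict: enumerating the Uninstall key is also ordinary installer behaviour, whereas the ACPI, BIOS, Wine and ThreadHideFromDebugger probes have little legitimate use in a stealer and carry the weight of the verdict.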

MITRE ATT&CK Enterprise v15

Tasks