General
Target: c26861430d8dabfd4ad23d387928b14a269071468a33ff37f9a32638341972e3.exe
Size: 4.2MB
Sample: 241219-elz3asxrbk
MD5: c640a058cdfe8c320e2386c8d67382d1
SHA1: e036827bcbbbaf67892aa19e2e1b1ffe5b83d2b8
SHA256: c26861430d8dabfd4ad23d387928b14a269071468a33ff37f9a32638341972e3
SHA512: 1786e94fac2716976bbf7cb3b57a52ecaae45c3d55c07400123b3de64441d7bffd53b9de65cb510f288edbe800abdde2172dc79b1c7063d96b7135986ee9e1d1
SSDEEP: 98304:IyksB4edU4BV1uQpt7COs0TxlHqrIqo0uJd3x:Tv4eHB/x1W8qo0q
Static task: static1
Behavioral task: behavioral1
Sample: c26861430d8dabfd4ad23d387928b14a269071468a33ff37f9a32638341972e3.exe
Resource: win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger