General
Target: e34a61e1e9a3ba9dee9dcffc185f13d26427bb0168e1ec4c4fe1e61b3b5d9f1d.exe
Size: 4.2MB
Sample: 241219-exqyrsxpa1
MD5: 0b0b89846c005a9c7087e8272294ea86
SHA1: cdd2b18e741ea6936bf32c642b11f3e676f58a1a
SHA256: e34a61e1e9a3ba9dee9dcffc185f13d26427bb0168e1ec4c4fe1e61b3b5d9f1d
SHA512: e62cff68f9f768242a5a87eed2193db4c77e22753354abde81417b841da34a1e0e637efe6cdb4d4ed852fe547d90d7d0ed01d72d6a1d5c02ceb6ef3a7b4ee676
SSDEEP: 98304:abRFXfzCAscSbMGXLQqSFyYSpnHXDo0QeiFnjfUbWxnU5C:a7XWAuX8RA3Do0DmjfUKO
Static task: static1
Behavioral task: behavioral1
Sample: e34a61e1e9a3ba9dee9dcffc185f13d26427bb0168e1ec4c4fe1e61b3b5d9f1d.exe
Resource: win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
Target
e34a61e1e9a3ba9dee9dcffc185f13d26427bb0168e1ec4c4fe1e61b3b5d9f1d.exe
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger