General

  • Target

    ea4851d1a1aebe61b573032d1785df907af31dd39343ed48d03bbf58830ab45c.exe

  • Size

    4.3MB

  • Sample

    241219-ez95esxqcx

  • MD5

    a326cdb677de0dffbc5beb2970b80ac0

  • SHA1

    12a8073306783feac1f97686572460c2220ed0ff

  • SHA256

    ea4851d1a1aebe61b573032d1785df907af31dd39343ed48d03bbf58830ab45c

  • SHA512

    d1b1b98051608a0eb4f7690a0c93b9c0c8f29082069cfa955389487d557280e3a3a49243ad66e7ae36c020469973cf7580f92cfa33d5059a8b68c2411bd1576c

  • SSDEEP

    98304:oSEoarpcKNd0dJtR8gPw6hDc+xDhsCiz1S0MKj:oSE31cKNOdJsH6blhsS0fj

Malware Config

Extracted

Family

cryptbot

Targets

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks