General
-
Target
ea4851d1a1aebe61b573032d1785df907af31dd39343ed48d03bbf58830ab45c.exe
-
Size
4.3MB
-
Sample
241219-ez95esxqcx
-
MD5
a326cdb677de0dffbc5beb2970b80ac0
-
SHA1
12a8073306783feac1f97686572460c2220ed0ff
-
SHA256
ea4851d1a1aebe61b573032d1785df907af31dd39343ed48d03bbf58830ab45c
-
SHA512
d1b1b98051608a0eb4f7690a0c93b9c0c8f29082069cfa955389487d557280e3a3a49243ad66e7ae36c020469973cf7580f92cfa33d5059a8b68c2411bd1576c
-
SSDEEP
98304:oSEoarpcKNd0dJtR8gPw6hDc+xDhsCiz1S0MKj:oSE31cKNOdJsH6blhsS0fj
Static task
static1
Behavioral task
behavioral1
Sample
ea4851d1a1aebe61b573032d1785df907af31dd39343ed48d03bbf58830ab45c.exe
Resource
win7-20241023-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
ea4851d1a1aebe61b573032d1785df907af31dd39343ed48d03bbf58830ab45c.exe
-
Size
4.3MB
-
MD5
a326cdb677de0dffbc5beb2970b80ac0
-
SHA1
12a8073306783feac1f97686572460c2220ed0ff
-
SHA256
ea4851d1a1aebe61b573032d1785df907af31dd39343ed48d03bbf58830ab45c
-
SHA512
d1b1b98051608a0eb4f7690a0c93b9c0c8f29082069cfa955389487d557280e3a3a49243ad66e7ae36c020469973cf7580f92cfa33d5059a8b68c2411bd1576c
-
SSDEEP
98304:oSEoarpcKNd0dJtR8gPw6hDc+xDhsCiz1S0MKj:oSE31cKNOdJsH6blhsS0fj
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-