General
-
Target
aa1d9bfcb4fee4ff65cf6209fbc83204.exe
-
Size
4.3MB
-
Sample
241219-h5425svpfp
-
MD5
aa1d9bfcb4fee4ff65cf6209fbc83204
-
SHA1
3334182b3bf48e928683a9c0a87d25ea57e8d70b
-
SHA256
dc645ba585c2d41ec553cefd46bd3dab212882cb07097905f9ed071e8882b161
-
SHA512
aec316f0ea02349b57a5e75a972edf70b8aea705a7c74f67452a5840834fca0cf70c3d099ca003bab73a25186e6f03298ea68440a03216fb40ece74b82f71d68
-
SSDEEP
98304:TY4QNoH37vLuyZo7QyuTTGlo/ZyCSCPz3Xf00MpmZxaWK9Ye3r:U453/ukyu3LZyjyzf9MmyWs/3r
Static task
static1
Behavioral task
behavioral1
Sample
aa1d9bfcb4fee4ff65cf6209fbc83204.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
aa1d9bfcb4fee4ff65cf6209fbc83204.exe
-
Size
4.3MB
-
MD5
aa1d9bfcb4fee4ff65cf6209fbc83204
-
SHA1
3334182b3bf48e928683a9c0a87d25ea57e8d70b
-
SHA256
dc645ba585c2d41ec553cefd46bd3dab212882cb07097905f9ed071e8882b161
-
SHA512
aec316f0ea02349b57a5e75a972edf70b8aea705a7c74f67452a5840834fca0cf70c3d099ca003bab73a25186e6f03298ea68440a03216fb40ece74b82f71d68
-
SSDEEP
98304:TY4QNoH37vLuyZo7QyuTTGlo/ZyCSCPz3Xf00MpmZxaWK9Ye3r:U453/ukyu3LZyjyzf9MmyWs/3r
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-