General

  • Target

    a0d6c9d4d75289ffa8f7dbda90e3fce6.exe

  • Size

    4.2MB

  • Sample

    241219-h5jffavpdk

  • MD5

    a0d6c9d4d75289ffa8f7dbda90e3fce6

  • SHA1

    3e3b99a9b625fbd216908a07754adab568dbef4d

  • SHA256

    ca737deb8d7b8dc261e6dd95dd42d7316e670d886023a7e4369df4a518c972ce

  • SHA512

    e77bf7e82acdc1bf647a5a4761db39cdf591d45d9ef57457aafbb9a087bbca9988c79be7376a7268d4642db2cbef2a41ff723c907bf04cf00f1fdc06e1982858

  • SSDEEP

    98304:j3ClGO5IimEwYIgsw7swMl6NFGS1DsZC2zm/hzB2hP:LCzILKtsw7sT6NcSr2zm/DG

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      a0d6c9d4d75289ffa8f7dbda90e3fce6.exe

    • Size

      4.2MB

    • MD5

      a0d6c9d4d75289ffa8f7dbda90e3fce6

    • SHA1

      3e3b99a9b625fbd216908a07754adab568dbef4d

    • SHA256

      ca737deb8d7b8dc261e6dd95dd42d7316e670d886023a7e4369df4a518c972ce

    • SHA512

      e77bf7e82acdc1bf647a5a4761db39cdf591d45d9ef57457aafbb9a087bbca9988c79be7376a7268d4642db2cbef2a41ff723c907bf04cf00f1fdc06e1982858

    • SSDEEP

      98304:j3ClGO5IimEwYIgsw7swMl6NFGS1DsZC2zm/hzB2hP:LCzILKtsw7sT6NcSr2zm/DG

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings are often read from the registry to detect virtual machines and sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
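The signatures above are all driven by which registry keys and which API the sample touches. The following is an added example, written for this page and not code from the sandbox vendor or from the CryptBot sample, that maps sandbox-style events onto these signature names. The event shape, the specific registry paths (the well-known VirtualBox, BIOS, Wine and Uninstall artefacts), the ThreadHideFromDebugger information class value 0x11, and the ATT&CK technique IDs are my assumptions: the report names the signatures but does not list the keys it matched or its technique mapping.

```python
"""Map sandbox registry/API events onto the anti-analysis signatures listed
in this report.  Example code added for this page, not the sandbox vendor's
or the malware's own code.  The event format and the ATT&CK technique IDs
are assumptions: the report names the signatures but not the exact keys."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One monitored operation, as a sandbox might log it (assumed shape)."""
    pid: int
    op: str       # e.g. "RegOpenKey", "RegQueryValue", "NtSetInformationThread"
    target: str   # registry path, or a summary of the API arguments


# (signature name from the report, assumed ATT&CK technique, regex on Event.target).
# Registry paths are the well-known artefacts each signature looks for.
RULES = [
    ("Enumerates VirtualBox registry keys", "T1497.001",
     r"\\Services\\VBox(Guest|Mouse|Service|SF|Video)\b|Oracle\\VirtualBox Guest Additions"),
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", "T1497.001",
     r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ("Checks BIOS information in registry", "T1497.001",
     r"HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$"),
    ("Identifies Wine through registry keys", "T1497.001",
     r"\\Software\\Wine(\\|$)"),
    ("Checks installed software on the system", "T1518",
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)"),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "T1622",
     r"ThreadHideFromDebugger|ThreadInformationClass=0x11(?![0-9a-fA-F])"),
]
COMPILED = [(name, tech, re.compile(rx, re.IGNORECASE)) for name, tech, rx in RULES]


def classify(events):
    """Return {signature_name: {"technique": ..., "pids": set, "evidence": [...]}}
    for every rule that at least one event matched."""
    hits = {}
    for ev in events:
        for name, tech, rx in COMPILED:
            if rx.search(ev.target):
                h = hits.setdefault(name, {"technique": tech, "pids": set(), "evidence": []})
                h["pids"].add(ev.pid)
                h["evidence"].append(f"{ev.op} {ev.target}")
    return hits


def matched_signatures(events):
    """Signature names that fired, in the order the report lists them."""
    hits = classify(events)
    return [name for name, _, _ in RULES if name in hits]


# Constructed sample trace in the shape of what a sandbox would observe for
# this kind of sample; not a real log excerpt from the report.
SAMPLE_EVENTS = [
    Event(1304, "RegOpenKey", r"HKLM\SYSTEM\ControlSet001\Services\VBoxGuest"),
    Event(1304, "RegOpenKey", r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"),
    Event(1304, "RegQueryValue", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    Event(1304, "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    Event(1304, "RegOpenKey", r"HKCU\Software\Wine"),
    Event(1304, "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event(1304, "NtSetInformationThread", "ThreadInformationClass=0x11 (ThreadHideFromDebugger)"),
    # Benign noise that must not trigger anything:
    Event(1304, "RegOpenKey", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]

if __name__ == "__main__":
    for name, h in classify(SAMPLE_EVENTS).items():
        print(f"[{h['technique']}] {name} (pids {sorted(h['pids'])})")
        for line in h["evidence"]:
            print("    ", line)
```

The rules are anchored on full registry paths rather than on the bare strings "VBox" or "Wine" so that ordinary software touching unrelated keys under HKCU\Software does not fire; a real detector would also want to require several of the anti-VM rules from the same process before treating the process as evasive, since a single BIOS read is common in legitimate installers.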

MITRE ATT&CK Enterprise v15

Tasks