General
-
Target
60cb08aff943753c526cf73fd6007489.exe
-
Size
4.2MB
-
Sample
241219-hslp2avjer
-
MD5
60cb08aff943753c526cf73fd6007489
-
SHA1
82a65e58388a24fa079f644e574b5a26512d1078
-
SHA256
5a1e55df322d7f0f410e19bda46827def8374605479fe22d16c921c36751ec96
-
SHA512
e6cadb0cb30f8c37e8d20f8448952ded9ef9501ad03e059f6140e70f82fc8d3ce12033a7d8887b4793145b2c7d4279d71df02e2ad8ea4a4d973384973e7a1aa9
-
SSDEEP
98304:+TiQFMObNwi4HDXYIeeRGLsAR5G5zVoOLU104TjQ6jY7:+TNjwvjVeeRicdLU1BTjQ6s
Static task
static1
Behavioral task
behavioral1
Sample
60cb08aff943753c526cf73fd6007489.exe
Resource
win7-20241023-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
60cb08aff943753c526cf73fd6007489.exe
-
Size
4.2MB
-
MD5
60cb08aff943753c526cf73fd6007489
-
SHA1
82a65e58388a24fa079f644e574b5a26512d1078
-
SHA256
5a1e55df322d7f0f410e19bda46827def8374605479fe22d16c921c36751ec96
-
SHA512
e6cadb0cb30f8c37e8d20f8448952ded9ef9501ad03e059f6140e70f82fc8d3ce12033a7d8887b4793145b2c7d4279d71df02e2ad8ea4a4d973384973e7a1aa9
-
SSDEEP
98304:+TiQFMObNwi4HDXYIeeRGLsAR5G5zVoOLU104TjQ6jY7:+TNjwvjVeeRicdLU1BTjQ6s
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-