Extracted

• • Target

    c3ce51918df45e9cae14921d25c0419397003733e9ada04a33e4cde97013e2e6_Sigmanly

  • Size

    4.3MB

  • MD5

    39cb781a70f40105ffdbb75e77aa6d7f

  • SHA1

    79805738b703d0b7375140a0067f720f6ff5fb99

  • SHA256

    c3ce51918df45e9cae14921d25c0419397003733e9ada04a33e4cde97013e2e6

  • SHA512

    1d131ff871ee80937334672c905f8e94cb43d28e22843a7a6538cb54ec060ed01e02d48ab5569218bdb57248c6e2c7920e54ecb506f75ef7cefeb200c4587a98

  • SSDEEP

    98304:ZIrcGnmqWv8Zd8Ahx1D40LY9m+uigPG6itvR3yW22gKVW4G/FexOemDR90s:iBTWvAd8AhbF3+u3GltvRN7gUiPDRm

  Score

  10^/10

  cryptbotdiscoveryevasionspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Cryptbot family

    cryptbot

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2