General
-
Target
3fbe557c7ec8409f30604b0f5e365f70.exe
-
Size
4.2MB
-
Sample
241220-shya7aypel
-
MD5
3fbe557c7ec8409f30604b0f5e365f70
-
SHA1
00d9f4548c93be387f68c1b7aeedcf4c75873b60
-
SHA256
f4e7b423983d4606cb9a72876f57c870884b40556ab6ea3da498d69e02acacab
-
SHA512
802d3925592429a116f24c5a35723f030ea6fc4924dc201eb69a09bfeda57aac3e0c2246d0e213d131b888515936c31d13c03fd6c32c2d091a3ddc2437c1642d
-
SSDEEP
98304:Lcv0DvP7v4m0C6OkeSEj18aRZTZgE5CT+zM:/vjgmj36Ej931guCT
Static task
static1
Behavioral task
behavioral1
Sample
3fbe557c7ec8409f30604b0f5e365f70.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
3fbe557c7ec8409f30604b0f5e365f70.exe
-
Size
4.2MB
-
MD5
3fbe557c7ec8409f30604b0f5e365f70
-
SHA1
00d9f4548c93be387f68c1b7aeedcf4c75873b60
-
SHA256
f4e7b423983d4606cb9a72876f57c870884b40556ab6ea3da498d69e02acacab
-
SHA512
802d3925592429a116f24c5a35723f030ea6fc4924dc201eb69a09bfeda57aac3e0c2246d0e213d131b888515936c31d13c03fd6c32c2d091a3ddc2437c1642d
-
SSDEEP
98304:Lcv0DvP7v4m0C6OkeSEj18aRZTZgE5CT+zM:/vjgmj36Ej931guCT
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-