General
Target: 61039d97d478405525707e3c0b4b3003.exe
Size: 4.2MB
Sample: 241220-sqkp3ayjhs
MD5: 61039d97d478405525707e3c0b4b3003
SHA1: 501cf467cd61ca88a1e0991c2d7899a97237d8ff
SHA256: be39f15bfaeb90c138dbbc06f647ba537c5b451459343b9ef2a5583c0a02a89c
SHA512: d08d9262de6777f0b9f7d010462ec669d3f58cc202c528ca8caac9c9611a50629ee3c311abc3689fa7ce2e52eb1dacc17b3e9f0aac61ffa6f924e903879d74ee
SSDEEP: 98304:rJjB8hwcXiocct8XrfDDUR8o7iPiyg9GrLi+3OgQp8odxsw53Er:t+WE8Xr0Rt7crg9Gu+3OgQQw
Static task: static1
Behavioral task: behavioral1
Sample: 61039d97d478405525707e3c0b4b3003.exe
Resource: win7-20240708-en
Malware Config
Extracted: cryptbot
Targets
Target: 61039d97d478405525707e3c0b4b3003.exe
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer that runs Windows applications and is sometimes used as a sandboxing environment.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread called with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger (a common anti-debugging technique).
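The registry and API signatures above describe what the sandbox observed. The following Python script is added here as an illustration; it is not part of the report and not the sandbox's own detection logic. It shows how behavioural signatures like these can be derived from a raw event log: the `REG`/`API` line format, the sample events and the rule table are constructed assumptions, the registry paths are the standard locations these checks target (VirtualBox Guest Additions and the VBox* services, the ACPI DSDT/FADT/RSDT tables named VBOX__, the SystemBiosVersion/VideoBiosVersion values under HARDWARE\DESCRIPTION\System, the Wine key, and the Uninstall key), and ThreadHideFromDebugger is THREADINFOCLASS value 0x11.

```python
"""Map raw registry/API events to the anti-analysis signatures listed in the report."""
import re
from collections import defaultdict

# Constructed event log (hypothetical; not taken from the sandbox run).
# Format: "REG <operation> <key path>" or "API <function> <arguments>".
SAMPLE_EVENTS = r"""
REG RegOpenKey HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions
REG RegOpenKey HKLM\SYSTEM\ControlSet001\Services\VBoxGuest
REG RegQueryValue HKLM\HARDWARE\ACPI\DSDT\VBOX__
REG RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
REG RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
REG RegOpenKey HKCU\Software\Wine
REG RegEnumKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
REG RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
API NtSetInformationThread ThreadInformationClass=0x11
API NtQueryInformationProcess ProcessInformationClass=0x7
"""

# Registry-based signatures: signature name -> regexes matched against the key path.
REGISTRY_RULES = {
    "Enumerates VirtualBox registry keys": [
        r"\\Oracle\\VirtualBox Guest Additions",
        r"\\Services\\VBox(Guest|Mouse|Service|SF|Video)\b",
    ],
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": [
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ],
    "Checks BIOS information in registry": [
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)\b",
        r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\",
    ],
    "Identifies Wine through registry keys": [
        r"\\Software\\Wine(\\|$)",
    ],
    "Checks installed software on the system": [
        r"\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    ],
}

# API-based signatures: signature name -> (function name, regex over the arguments).
# ThreadHideFromDebugger is THREADINFOCLASS 0x11 (decimal 17).
API_RULES = {
    "Suspicious use of NtSetInformationThreadHideFromDebugger": (
        "NtSetInformationThread", r"ThreadInformationClass=(0x11|17)\b"),
}

# Software enumeration is reconnaissance rather than evasion, so it is not
# counted when deciding whether the sample is sandbox-aware.
NON_EVASION = {"Checks installed software on the system"}


def parse_event(line):
    """Split one log line into (kind, name, detail); None for blank/malformed lines."""
    parts = line.strip().split(maxsplit=2)
    if len(parts) != 3:
        return None
    return tuple(parts)


def classify_events(log_text):
    """Return {signature: [matching 'name detail' strings]} for the events in log_text."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        kind, name, detail = event
        if kind == "REG":
            for signature, patterns in REGISTRY_RULES.items():
                if any(re.search(p, detail, re.IGNORECASE) for p in patterns):
                    hits[signature].append(f"{name} {detail}")
        elif kind == "API":
            for signature, (func, arg_pattern) in API_RULES.items():
                if name == func and re.search(arg_pattern, detail):
                    hits[signature].append(f"{name} {detail}")
    return dict(hits)


def count_evasion_signatures(hits):
    """Number of distinct anti-VM/anti-debug signatures that fired."""
    return len(set(hits) - NON_EVASION)


if __name__ == "__main__":
    matched = classify_events(SAMPLE_EVENTS)
    for signature, events in matched.items():
        print(signature)
        for event in events:
            print("    ", event)
    print("evasion signatures:", count_evasion_signatures(matched))
```

The benign `Windows NT\CurrentVersion` open and the `NtQueryInformationProcess` call are included on purpose: the rules are anchored on full key paths and on the information class value, so ordinary version lookups and unrelated native calls do not fire.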