General
-
Target
ebfe28cb77f3d1246693fa372420d022.exe
-
Size
4.2MB
-
Sample
241220-stlrjayrcm
-
MD5
ebfe28cb77f3d1246693fa372420d022
-
SHA1
f775bdf11301f3c1577668ae9245e1c22ab54ea6
-
SHA256
fcf09a75838f976b2a8112606dee0912e662a5727822d8e349006299c3f6093a
-
SHA512
dea11bcc617b17fd7bb050ef32c27f00a623f209d88df6c712d5cfc10c82141cc5ff8ec9507d0f8ec6bc8f8b675e105b1972264deab5a3fbc91c9f9b2ab80d9e
-
SSDEEP
98304:jh5LEofZ8SpH2OOS9gqEGuqskgY07kVOURaGIqGpMu0AU:d9D7zOS9gqEGuqskgYZOURaGW
Static task
static1
Behavioral task
behavioral1
Sample
ebfe28cb77f3d1246693fa372420d022.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
Target
ebfe28cb77f3d1246693fa372420d022.exe
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
The ThreadHideFromDebugger information class (0x11) passed to NtSetInformationThread hides the calling thread from an attached debugger, a common anti-debugging technique.
-
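As an added example, not part of this report and not the sandbox's own ruleset, the script below reproduces the six signature hits above by classifying registry and API events from a constructed, Procmon-style event log. The registry paths are the well-known VirtualBox, BIOS, Wine and Uninstall artifacts used by anti-VM checks; the log line format, process id and helper names are assumptions made for the example.

```python
"""Map sandbox registry/API events onto the anti-analysis signatures
listed in the report.  Added example: the event lines are constructed,
not taken from the real run, and the key lists are well-known VM and
sandbox artifacts rather than any vendor's signature set."""
import re
from collections import Counter

# Registry paths whose access corresponds to each report signature.
# Matched case-insensitively as a substring so HKLM\ and
# HKEY_LOCAL_MACHINE\ prefixes both work.
REGISTRY_SIGNATURES = {
    "Enumerates VirtualBox registry keys": [
        r"SOFTWARE\\Oracle\\VirtualBox Guest Additions",
        r"SYSTEM\\CurrentControlSet\\Services\\VBox(Guest|Mouse|Service|SF|Video)",
    ],
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)": [
        r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ],
    "Checks BIOS information in registry": [
        r"HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)",
    ],
    "Identifies Wine through registry keys": [
        r"SOFTWARE\\Wine\b",
    ],
    "Checks installed software on the system": [
        r"SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall",
    ],
}

# THREADINFOCLASS ThreadHideFromDebugger = 0x11; NtSetInformationThread with
# this class detaches the calling thread from an attached debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
ANTI_DEBUG_SIGNATURE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Assumed log format: "<pid> <operation> <argument>" (argument may contain spaces).
EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<op>\w+)\s+(?P<arg>.+)$")


def classify_event(op: str, arg: str):
    """Return the signature an event triggers, or None if it is benign."""
    if op.lower().startswith("reg"):
        for name, patterns in REGISTRY_SIGNATURES.items():
            if any(re.search(p, arg, re.IGNORECASE) for p in patterns):
                return name
        return None
    if op == "NtSetInformationThread":
        m = re.search(r"ThreadInformationClass=(0x[0-9a-f]+|\d+)", arg, re.IGNORECASE)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            return ANTI_DEBUG_SIGNATURE
    return None


def scan(log_text: str) -> Counter:
    """Count signature hits over every parseable line of the log."""
    hits = Counter()
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        sig = classify_event(m.group("op"), m.group("arg"))
        if sig:
            hits[sig] += 1
    return hits


def summarize(hits: Counter) -> dict:
    """Group the hits into the broader behaviours an analyst reports."""
    anti_vm = {
        "Enumerates VirtualBox registry keys",
        "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
        "Checks BIOS information in registry",
        "Identifies Wine through registry keys",
    }
    return {
        "anti_vm": any(hits[s] for s in anti_vm),
        "anti_debug": hits[ANTI_DEBUG_SIGNATURE] > 0,
        "software_enum": hits["Checks installed software on the system"] > 0,
    }


# Constructed sample events (not from the real run). pid and paths are made up.
SAMPLE_EVENTS = r"""
1234 RegOpenKeyEx HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234 RegQueryValueEx HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
1234 RegOpenKeyEx HKCU\Software\Wine
1234 RegEnumKeyEx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1234 RegOpenKeyEx HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions
1234 RegOpenKeyEx HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest
1234 NtSetInformationThread ThreadInformationClass=0x11
1234 NtSetInformationThread ThreadInformationClass=0x04
1234 RegOpenKeyEx HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"""

if __name__ == "__main__":
    counts = scan(SAMPLE_EVENTS)
    for sig, n in counts.items():
        print(f"{n}x {sig}")
    print(summarize(counts))
```

The last two sample lines show the negative cases: NtSetInformationThread with a class other than 0x11 and a lookup of an ordinary Run key produce no hit, which keeps the anti-debug signature from firing on every thread-priority change.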