General
- Target: addcaa0a499117f20a6ee001400afe6f.exe
- Size: 4.2MB
- Sample: 241220-sxglzsyrgr
- MD5: addcaa0a499117f20a6ee001400afe6f
- SHA1: 557061d6f312513fde8f625e5f4056f1e96d5e28
- SHA256: ae3093ba11da6e6fd69ee93e0b7e9430809fcaee466d7e73f1d4ffbdc57825a8
- SHA512: aa73ede47c5759dd8ebe7b4cee2ac998a4d5238889dee6d3bd699218ef053ccce80686ddad7b5ed3fbd4f7e1265b9016d90732478bdcc884bab083d5c76232e6
- SSDEEP: 98304:K+IVsI9xI0kbV97BWTgwW64f9Pka0J4UMoJza5zLrQsa:K+I/Zk3nwaMatUMola5frQN
- Static task: static1
- Behavioral task: behavioral1
- Sample: addcaa0a499117f20a6ee001400afe6f.exe
- Resource: win7-20240729-en
Malware Config
- Extracted: cryptbot
Targets
- Target: addcaa0a499117f20a6ee001400afe6f.exe
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger