General
-
Target
a6f94c1717ad8bb2d8a2db5d3b286e1e5bbe6b5086216661250579e654826e73.exe
-
Size
4.3MB
-
Sample
241221-dem9gs1ngk
-
MD5
f4d4066fee7e7e63dd914f564202af5b
-
SHA1
bf2330d98dc66911f0078539ee48e6ad8dbb4686
-
SHA256
a6f94c1717ad8bb2d8a2db5d3b286e1e5bbe6b5086216661250579e654826e73
-
SHA512
468d6cbcfbebf5a1140a161fe742188df14d942a3681f1931ae7c0c840c24f9c3b2e55745478c1472e2f6cfec96df27265da93917c390c6ad0c51d6d9062fba1
-
SSDEEP
98304:yGJm9VvjOlk+BwDMO8cAqgVRWn8sTNRjWJzVGKRUVXKEbUzH:OvurwD38ygVRW8sBRCzGOuUz
Static task
static1
Behavioral task
behavioral1
Sample
a6f94c1717ad8bb2d8a2db5d3b286e1e5bbe6b5086216661250579e654826e73.exe
Resource
win7-20241010-en
Malware Config
Extracted
cryptbot
http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734
Targets
-
-
Target
a6f94c1717ad8bb2d8a2db5d3b286e1e5bbe6b5086216661250579e654826e73.exe
-
Size
4.3MB
-
MD5
f4d4066fee7e7e63dd914f564202af5b
-
SHA1
bf2330d98dc66911f0078539ee48e6ad8dbb4686
-
SHA256
a6f94c1717ad8bb2d8a2db5d3b286e1e5bbe6b5086216661250579e654826e73
-
SHA512
468d6cbcfbebf5a1140a161fe742188df14d942a3681f1931ae7c0c840c24f9c3b2e55745478c1472e2f6cfec96df27265da93917c390c6ad0c51d6d9062fba1
-
SSDEEP
98304:yGJm9VvjOlk+BwDMO8cAqgVRWn8sTNRjWJzVGKRUVXKEbUzH:OvurwD38ygVRW8sBRCzGOuUz
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-