Extracted

• • Target

    e4420b07cff76b9f623b1e9ed3957d708769a744f245e27fb3b1e44cdc67eb35_Sigmanly

  • Size

    4.2MB

  • MD5

    1d057672840921889505863b33e87671

  • SHA1

    3bbc68098e4080f656c7f92147a54d05d18e1277

  • SHA256

    e4420b07cff76b9f623b1e9ed3957d708769a744f245e27fb3b1e44cdc67eb35

  • SHA512

    12f5d869fea831d66f0811bc00a2c25e4d156f24189a7eee3e4593d0062057638686f780132a188f52ac6de9fba78404517ca041205c6834dd135217d0ab4eed

  • SSDEEP

    98304:B4PLy6XyZ1/zueq6LPtQ+IJU/Wxafa8Q8dTrVaLgZqyf+aCGxqGqE31y:2umi7ueq1HiqafFQmVBkG4O

  Score

  10^/10

  cryptbotdiscoveryevasionspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Cryptbot family

    cryptbot

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2