Extracted

• • Target

    ffcc7288342a28c0580bea142951bf4ac33a3f391d8f9323f9e74293d2817e82_Sigmanly

  • Size

    4.2MB

  • MD5

    8664a5a6e958f985735b8a17171550bc

  • SHA1

    3deb8bfcdc32ddf9a678f44c59aa70e3a7f5bb5f

  • SHA256

    ffcc7288342a28c0580bea142951bf4ac33a3f391d8f9323f9e74293d2817e82

  • SHA512

    adc1c9bc3af3a39b066a9231ef6bd9119d48dff41a4e5bfac695c40a5d2b9e5e9f4eb6e4779408cd7f22fe0e7e5697d7fa314778864fd13bb321db3f8d0514b0

  • SSDEEP

    98304:i5Vhq3obBjDB2C53R1xQuyJul6y09/LuI7/wH8yO1g:8SobpDRB1XyJul6y04W/wH8y+

  Score

  10^/10

  cryptbotdiscoveryevasionspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Cryptbot family

    cryptbot

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2