General
- Target: 9998bda3902f7c90ac5653aa2f04bbc6.exe
- Size: 4.3MB
- Sample: 241223-hn8zrsxkc1
- MD5: 9998bda3902f7c90ac5653aa2f04bbc6
- SHA1: 6a191212c2961a0e412d69a3c425b41e8d269db2
- SHA256: 82eaccc2d63f27f015800090f3bf79e8087c8c118c6420896752ea6009d1594f
- SHA512: 70068831fe9b691167aaea339b23601575efc01a339ec0247c8c5ad64af65ba248c79fae21295899476964cacf21b748bd3ffe019f628937d2bfe00543c4b6b3
- SSDEEP: 98304:vr+QRpTr9zchEfJa6XKxRJuQsYkxUXm2/Y2KPuWtnAD:j++pfJNquQsw1/7WtnAD
Static task: static1
Behavioral task: behavioral1
- Sample: 9998bda3902f7c90ac5653aa2f04bbc6.exe
- Resource: win7-20241010-en
Malware Config
- Extracted: cryptbot
Targets
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger