General

  • Target

    78d5e1e506076e02ca87e9414b1484d6.exe

  • Size

    4.3MB

  • Sample

    241223-hptapsxkdv

  • MD5

    78d5e1e506076e02ca87e9414b1484d6

  • SHA1

    c41b363f251f3d0e6b1f52dcb49fc2bed4258b7d

  • SHA256

    873d4b5b8523bfb8bf18817fc0f1c01c7f843e2182f77f8c4d169175feb16d85

  • SHA512

    5181764100cdb6ec84de6e9b2e5c7f7c6e3abd8e05382128721038a8be471f376612a1a35bcbb328a0dfab4c5a574c77e320b01c59bddd19b54bb1adc8f92b10

  • SSDEEP

    98304:KS5opkY5orPSexK1RlF7vyTojI+lOBEvI+2JBBARgV3:KSqayorPSeol5RjImY5CKV
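The hashes above are the only durable way to tie a file found on a host to this report. As an added example (not part of the sandbox report and not the sample's own code), the script below hashes a file once with all four listed algorithms and reports whether the result matches the report fully, partially or not at all; a partial match is worth flagging because it points at a corrupted IOC list rather than a benign file. The byte string used for the self-test is constructed and is not the real sample.

```python
"""Hash a file in one pass and compare it with the IOCs listed in the report above.
Added example: the REPORT_HASHES values are copied from the General section."""
import hashlib
import io

REPORT_HASHES = {
    "md5": "78d5e1e506076e02ca87e9414b1484d6",
    "sha1": "c41b363f251f3d0e6b1f52dcb49fc2bed4258b7d",
    "sha256": "873d4b5b8523bfb8bf18817fc0f1c01c7f843e2182f77f8c4d169175feb16d85",
    "sha512": "5181764100cdb6ec84de6e9b2e5c7f7c6e3abd8e05382128721038a8be471f376612a1a35bcbb328a0dfab4c5a574c77e320b01c59bddd19b54bb1adc8f92b10",
}


def hash_stream(fileobj, chunk_size=1 << 20):
    """Feed a binary stream to all four hashers chunk by chunk, so a multi-MB sample
    is read from disk only once. Returns {algorithm: lowercase hex digest}."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as f:
        return hash_stream(f)


def match_report(digests, expected=REPORT_HASHES):
    """Return the sorted list of algorithms whose digest equals the expected one.
    Comparison is case-insensitive because IOC feeds mix upper and lower case."""
    return sorted(
        name for name, value in digests.items()
        if expected.get(name, "").lower() == value.lower()
    )


def classify(digests, expected=REPORT_HASHES):
    """'match' when every expected digest agrees, 'partial' when only some do
    (corrupted IOC list or a transcription error), else 'no_match'."""
    if not expected:
        return "no_match"
    matched = match_report(digests, expected)
    if len(matched) == len(expected):
        return "match"
    return "partial" if matched else "no_match"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, classify(digests), match_report(digests))
```

Run it as `python triage_hash.py suspicious.exe`. The SSDEEP value in the report cannot be checked with the standard library; the `ssdeep` package on PyPI exposes `ssdeep.hash()` and `ssdeep.compare()` for that, and a compare score is the right tool when a repacked variant no longer matches the exact digests.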

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      78d5e1e506076e02ca87e9414b1484d6.exe

    • Size

      4.3MB

    • MD5

      78d5e1e506076e02ca87e9414b1484d6

    • SHA1

      c41b363f251f3d0e6b1f52dcb49fc2bed4258b7d

    • SHA256

      873d4b5b8523bfb8bf18817fc0f1c01c7f843e2182f77f8c4d169175feb16d85

    • SHA512

      5181764100cdb6ec84de6e9b2e5c7f7c6e3abd8e05382128721038a8be471f376612a1a35bcbb328a0dfab4c5a574c77e320b01c59bddd19b54bb1adc8f92b10

    • SSDEEP

      98304:KS5opkY5orPSexK1RlF7vyTojI+lOBEvI+2JBBARgV3:KSqayorPSeol5RjImY5CKV

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software, commonly cracked or pirated installers.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

      Registry keys that exist only in a VirtualBox guest (Guest Additions, the VBoxGuest driver service) are a common anti-VM fingerprint.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      A VirtualBox guest registers its ACPI tables under HKLM\HARDWARE\ACPI with VBOX__ as the OEM identifier (for example HKLM\HARDWARE\ACPI\DSDT\VBOX__), which is enough to identify the hypervisor without any API call.

    • Checks BIOS information in registry

      BIOS strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion) are often read in order to detect sandboxing environments, since hypervisors leave identifiable vendor strings there.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; a Wine prefix exposes a Software\Wine key that a real Windows install does not have.

    • Checks installed software on the system

      Looks up entries under the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software, which reveals analysis tooling as well as applications worth stealing from.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
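The registry checks in the behaviour list above are exactly what a sandbox operator needs to audit on an analysis VM before detonating a sample like this one. As an added example (not CryptBot's code and not from the sandbox vendor), the script below evaluates a registry snapshot for the VirtualBox, Wine, BIOS-string and Uninstall-key artifacts those checks rely on, and can build the snapshot from the live registry on Windows. The key paths are the standard VirtualBox, Wine and BIOS locations such checks read; the ANALYSIS_TOOLS list and the two constructed snapshots are assumptions for illustration.

```python
"""Audit a registry snapshot for the anti-VM / anti-sandbox artifacts listed in the
report above. Added example, not the sample's code; tool names and snapshots are assumed."""
import sys

VBOX_KEYS = [  # present in a VirtualBox guest: ACPI tables, Guest Additions, guest driver
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"HKLM\SYSTEM\ControlSet001\Services\VBoxGuest",
]
WINE_KEYS = [r"HKCU\Software\Wine", r"HKLM\Software\Wine"]
BIOS_VALUES = {  # (key, value name) -> substrings that give the hypervisor away
    (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"): ("VBOX", "VIRTUALBOX", "QEMU", "BOCHS"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"): ("VIRTUALBOX",),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"): ("INNOTEK", "QEMU"),
}
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
ANALYSIS_TOOLS = ("wireshark", "process hacker", "x64dbg", "fiddler", "ida pro")  # assumed


def _as_text(value):
    """REG_MULTI_SZ values arrive as lists; flatten everything to one string."""
    return " ".join(map(str, value)) if isinstance(value, (list, tuple)) else str(value)


def find_indicators(snapshot):
    """snapshot maps a key path to {value_name: data}; a key with no values is {}.
    Returns a list of (category, detail) tuples, empty when nothing was found."""
    keys = {k.lower(): {vn.lower(): vd for vn, vd in v.items()} for k, v in snapshot.items()}
    hits = [("virtualbox_key", k) for k in VBOX_KEYS if k.lower() in keys]
    hits += [("wine_key", k) for k in WINE_KEYS if k.lower() in keys]
    for (key, name), needles in BIOS_VALUES.items():
        data = keys.get(key.lower(), {}).get(name.lower())
        if data is None:
            continue
        text = _as_text(data)
        needle = next((n for n in needles if n in text.upper()), None)
        if needle:
            hits.append(("bios_string", f"{name}={text!r} contains {needle}"))
    prefix = UNINSTALL_KEY.lower() + "\\"
    for key, values in keys.items():  # Uninstall entries reveal installed tooling
        if key.startswith(prefix):
            display = _as_text(values.get("displayname", key[len(prefix):])).lower()
            if any(tool in display for tool in ANALYSIS_TOOLS):
                hits.append(("analysis_tool", display))
    return hits


def looks_like_sandbox(snapshot):
    return bool(find_indicators(snapshot))


def collect_live():
    """Build a snapshot from the live registry (Windows only); returns {} elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def read(path):  # all values of one key; raises OSError if the key is absent
        hive, _, sub = path.partition("\\")
        with winreg.OpenKey(hives[hive], sub) as h:
            values, i = {}, 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(h, i)
                except OSError:
                    return values
                values[name], i = data, i + 1

    snap = {}
    for path in VBOX_KEYS + WINE_KEYS + [k for k, _ in BIOS_VALUES]:
        try:
            snap[path] = read(path)
        except OSError:
            pass
    try:
        with winreg.OpenKey(hives["HKLM"], UNINSTALL_KEY.partition("\\")[2]) as h:
            for i in range(winreg.QueryInfoKey(h)[0]):  # [0] is the subkey count
                sub = UNINSTALL_KEY + "\\" + winreg.EnumKey(h, i)
                snap[sub] = read(sub)
    except OSError:
        pass
    return snap


# Constructed snapshots (assumed, not captured data): a default-looking VirtualBox
# guest with Wireshark installed, and a physical Dell host.
VBOX_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": {"Version": "6.1.36"},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.36"],
    },
    UNINSTALL_KEY + r"\Wireshark": {"DisplayName": "Wireshark 4.0.6 x64"},
}
BARE_METAL = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["DELL   - 1072009", "1.18.0"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    UNINSTALL_KEY + r"\7-Zip": {"DisplayName": "7-Zip 23.01 (x64)"},
}

if __name__ == "__main__":
    target = collect_live() or VBOX_GUEST  # fall back to the constructed guest off Windows
    for category, detail in find_indicators(target):
        print(f"{category:16} {detail}")
```

Each hit is something to hide or rename on the analysis VM (or to hook in the sandbox) before this sample will run its stealer logic; an empty result from `collect_live()` on a Windows guest means the registry view, at least, no longer gives the hypervisor away. The BIOS check deliberately matches substrings case-insensitively, which mirrors how such code usually compares the strings.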

MITRE ATT&CK Enterprise v15

Tasks