General
Target: 73f68155f6230d9108727743c020e3b9.exe
Size: 4.3MB
Sample: 241223-tqslcavjdz
MD5: 73f68155f6230d9108727743c020e3b9
SHA1: c424e5d1d5310588b154fd4f9e440a6f8972cbe4
SHA256: 8d66e41b9670d3890741fea8536846630e8a0a9aaac7a8858cdd6fec59e71be6
SHA512: fca81963b539c4cb8d43ef09de5977d442b044ef5bb4986cb98913bfd967c8271802f64ad3153b749f8c06f7296e75047b69b5e27665ea57d0f54ce90e0bdc91
SSDEEP: 98304:nuHtPnOxYsJlCI5HgKd0coQz3AvDf3KYK3XkgNYx+XKpkWFEc:uHtPnOJJlTpgIxD3ejnWXk0G+6yW

Static task: static1
Behavioral task: behavioral1
Sample: 73f68155f6230d9108727743c020e3b9.exe
Resource: win7-20240903-en

Malware Config
Extracted: cryptbot
Targets
Target: 73f68155f6230d9108727743c020e3b9.exe
Size: 4.3MB
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger