General
-
Target
3b9c783ff5ccccd999d4d694386e6d60a4c6898852609dbafc3c0de9a8b8d7f2.exe
-
Size
4.3MB
-
Sample
241224-d69a2a1mhn
-
MD5
3c5270c3dc1643a06137d2ac8e5b6c45
-
SHA1
91a0bb7cdca4dc93101aef8545178fa336054341
-
SHA256
3b9c783ff5ccccd999d4d694386e6d60a4c6898852609dbafc3c0de9a8b8d7f2
-
SHA512
4637832171a4f34d6fec68408df25f163712a9c816bb89e2709d8eca7f4c450cb294ba7044dcc413d1d39c01cedea3a7307664bed8593cbcf8d022ac4a605626
-
SSDEEP
98304:DfvJBK3bUTE2erqMTuOk9cuX9Ris9HggsjPdenKe/gsJvy3q0BxQwBC78X6:DGI42er9y79lXXis9HDYPdsKe/LVWQic
Static task
static1
Behavioral task
behavioral1
Sample
3b9c783ff5ccccd999d4d694386e6d60a4c6898852609dbafc3c0de9a8b8d7f2.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
3b9c783ff5ccccd999d4d694386e6d60a4c6898852609dbafc3c0de9a8b8d7f2.exe
-
Size
4.3MB
-
MD5
3c5270c3dc1643a06137d2ac8e5b6c45
-
SHA1
91a0bb7cdca4dc93101aef8545178fa336054341
-
SHA256
3b9c783ff5ccccd999d4d694386e6d60a4c6898852609dbafc3c0de9a8b8d7f2
-
SHA512
4637832171a4f34d6fec68408df25f163712a9c816bb89e2709d8eca7f4c450cb294ba7044dcc413d1d39c01cedea3a7307664bed8593cbcf8d022ac4a605626
-
SSDEEP
98304:DfvJBK3bUTE2erqMTuOk9cuX9Ris9HggsjPdenKe/gsJvy3q0BxQwBC78X6:DGI42er9y79lXXis9HDYPdsKe/LVWQic
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-