General

  • Target

    3b9c783ff5ccccd999d4d694386e6d60a4c6898852609dbafc3c0de9a8b8d7f2.exe

  • Size

    4.3MB

  • Sample

    241224-d69a2a1mhn

  • MD5

    3c5270c3dc1643a06137d2ac8e5b6c45

  • SHA1

    91a0bb7cdca4dc93101aef8545178fa336054341

  • SHA256

    3b9c783ff5ccccd999d4d694386e6d60a4c6898852609dbafc3c0de9a8b8d7f2

  • SHA512

    4637832171a4f34d6fec68408df25f163712a9c816bb89e2709d8eca7f4c450cb294ba7044dcc413d1d39c01cedea3a7307664bed8593cbcf8d022ac4a605626

  • SSDEEP

    98304:DfvJBK3bUTE2erqMTuOk9cuX9Ris9HggsjPdenKe/gsJvy3q0BxQwBC78X6:DGI42er9y79lXXis9HDYPdsKe/LVWQic

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      3b9c783ff5ccccd999d4d694386e6d60a4c6898852609dbafc3c0de9a8b8d7f2.exe

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

      Looks for registry keys that only exist when VirtualBox Guest Additions or its drivers are installed, a common virtual-machine check.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables under HKLM\HARDWARE\ACPI whose OEM identifier is VBOX__; reading these values lets the sample recognise a VirtualBox guest.

    • Checks BIOS information in registry

      BIOS vendor and version strings in the registry are often read to detect virtual machines and sandboxes, since hypervisors report recognisable values.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate installed software, which can reveal analysis tools or an unusually bare sandbox image.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) hides the thread from an attached debugger, which then no longer receives its exceptions or breakpoint events; this is a common anti-debugging technique.
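
The registry-based signatures above can be reproduced from a sandbox's registry-access trace. The following is an added example, not part of the sandbox report or of CryptBot itself: it classifies registry paths read by a process into the behaviours named in the signature list. The log format, the process id and the paths are constructed for the example, and the key patterns are well-known artefacts assumed for illustration; the report names the behaviours but not the exact keys this sample read.

```python
"""Map registry keys read by a sample onto the anti-analysis signatures in the report.

Added example (not from the sandbox report). The key patterns are assumed,
well-known artefacts; the sample log below is constructed, not captured.
"""
import re

# Registry locations commonly probed for each behaviour (assumed/illustrative).
SIGNATURES = {
    "Enumerates VirtualBox registry keys": [
        r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions",
        r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\VBox(Guest|Mouse|Service|SF|Video)",
    ],
    "Identifies VirtualBox via ACPI registry values": [
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ],
    "Checks BIOS information in registry": [
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)",
        r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\",
    ],
    "Identifies Wine through registry keys": [
        r"\\Software\\Wine\b",
    ],
    "Checks installed software on the system": [
        r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    ],
}
COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in SIGNATURES.items()}

# Signatures that indicate VM/sandbox detection rather than plain reconnaissance.
ANTI_VM = {
    "Enumerates VirtualBox registry keys",
    "Identifies VirtualBox via ACPI registry values",
    "Checks BIOS information in registry",
    "Identifies Wine through registry keys",
}

# Constructed trace format: "<pid> <operation> <registry path>" (assumed, one event per line).
LOG_LINE = re.compile(r"^(?P<pid>\d+)\s+(?P<op>RegOpenKey|RegQueryValue)\s+(?P<path>.+)$")


def parse_line(line):
    """Return (pid, op, path) for a registry event, or None for any other line."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    return int(m.group("pid")), m.group("op"), m.group("path").strip()


def classify(lines):
    """Map each triggered signature name to the sorted registry paths that fired it."""
    hits = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # not a registry event; ignored rather than treated as an error
        _, _, path = parsed
        for name, patterns in COMPILED.items():
            if any(p.search(path) for p in patterns):
                hits.setdefault(name, set()).add(path)
    return {name: sorted(paths) for name, paths in hits.items()}


def triggered(lines):
    """Sorted names of all signatures that fired."""
    return sorted(classify(lines))


def anti_vm_verdict(lines, minimum=2):
    """True when at least `minimum` distinct VM/sandbox probes fired.

    A single BIOS read is normal for legitimate software; several independent
    probes together are the pattern worth flagging.
    """
    fired = set(classify(lines)) & ANTI_VM
    return len(fired) >= minimum


# Constructed sample trace (pid and paths invented for the example).
SAMPLE_LOG = """\
1234 RegOpenKey HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions
1234 RegQueryValue HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
1234 RegQueryValue HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
1234 RegOpenKey HKCU\\Software\\Wine
1234 RegOpenKey HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
1234 RegOpenKey HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""

if __name__ == "__main__":
    for name, paths in classify(SAMPLE_LOG.splitlines()).items():
        print(name)
        for p in paths:
            print("    ", p)
    print("anti-VM verdict:", anti_vm_verdict(SAMPLE_LOG.splitlines()))
```

The verdict deliberately requires more than one category: a BIOS version read or an Uninstall enumeration on its own is common in benign installers, and it is the combination of VirtualBox, ACPI, BIOS and Wine probes, as in this report, that characterises an anti-sandbox check.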

MITRE ATT&CK Enterprise v15

Tasks