General
Target: 40537aa62a4949ad137a04bcfaaf15e94634aeffb7c84ea34dc403f8f99c7579.exe
Size: 4.3MB
Sample: 241224-d7jrrs1ke1
MD5: 4b7a502ea349a1138dabc95986ae5f01
SHA1: 2fc5f42c5bb44566198a2069eb11327043216689
SHA256: 40537aa62a4949ad137a04bcfaaf15e94634aeffb7c84ea34dc403f8f99c7579
SHA512: 1238161d24634561b0de608d2857d82f99582c0b216c1d5cac02e5ec2039cc73b4b8211d48c58d8fe38c7599a284096d087659749dc037b3dacb6b9d1e891186
SSDEEP: 98304:VsA3f3OQ4tskTO2+947Yxgm9cHW6WwCOTHG3p1k2:H3OD3Zr7Ugm9cgom
Static task: static1
Behavioral task: behavioral1
Sample: 40537aa62a4949ad137a04bcfaaf15e94634aeffb7c84ea34dc403f8f99c7579.exe
Resource: win7-20241010-en
Malware Config
Extracted
cryptbot
Targets
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-