General
-
Target
d56ba5e51f2ea3ce492e545bac05b0b5ca2c25ec6608ee2c2738d4f815b3eab2.exe
-
Size
4.3MB
-
Sample
241224-gjsxbasmcp
-
MD5
faf718856c97bf090fa14d751014aa12
-
SHA1
d536f3b51af70c809baa2759873791caeb8d6f38
-
SHA256
d56ba5e51f2ea3ce492e545bac05b0b5ca2c25ec6608ee2c2738d4f815b3eab2
-
SHA512
6c9b9d56df87eebd9824d499f8215d47ed8ddbded3d0fe9be7c3d87b2fcc9ca2f3f39f43ec7adfeff09540c51894fe2b3f1e7d7032d77bb5be50ae233855d161
-
SSDEEP
98304:rerEt1atjte2b0vwppWwqPvlwirfHr82NYlVJUQoxdX27yEVf0MoO:rOEt1aptavwppWtdwizHrvNYlfixKFVu
Static task
static1
Behavioral task
behavioral1
Sample
d56ba5e51f2ea3ce492e545bac05b0b5ca2c25ec6608ee2c2738d4f815b3eab2.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
d56ba5e51f2ea3ce492e545bac05b0b5ca2c25ec6608ee2c2738d4f815b3eab2.exe
-
Size
4.3MB
-
MD5
faf718856c97bf090fa14d751014aa12
-
SHA1
d536f3b51af70c809baa2759873791caeb8d6f38
-
SHA256
d56ba5e51f2ea3ce492e545bac05b0b5ca2c25ec6608ee2c2738d4f815b3eab2
-
SHA512
6c9b9d56df87eebd9824d499f8215d47ed8ddbded3d0fe9be7c3d87b2fcc9ca2f3f39f43ec7adfeff09540c51894fe2b3f1e7d7032d77bb5be50ae233855d161
-
SSDEEP
98304:rerEt1atjte2b0vwppWwqPvlwirfHr82NYlVJUQoxdX27yEVf0MoO:rOEt1aptavwppWtdwizHrvNYlfixKFVu
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-