General
-
Target
f0864fdc2ad33b2b2b0228a4eaff187d4a8b7cf80ceaa4c9d6039357f8288a38.exe
-
Size
4.3MB
-
Sample
241224-gwrj1ssncl
-
MD5
e29a86043d208815a869ca5659d6894c
-
SHA1
3c9757b3785b7f6f46d80ad29d454f0798e689de
-
SHA256
f0864fdc2ad33b2b2b0228a4eaff187d4a8b7cf80ceaa4c9d6039357f8288a38
-
SHA512
e1837c24231efbd96999f0cadcb4eda7d4520fc8eee22c65f0a1bc55b72ebdac2e1842bb3b016d4c0a6295ac524bf3af526f46930dd18bcba39e13e2c79a67be
-
SSDEEP
98304:JxOXj3eSSw0z20voCNnseZ/T0jtG9l5QK1FGzgw31z2:/WLeSSDq0vyeZ/T0jtGD5QK1Qk8
Static task
static1
Behavioral task
behavioral1
Sample
f0864fdc2ad33b2b2b0228a4eaff187d4a8b7cf80ceaa4c9d6039357f8288a38.exe
Resource
win7-20240708-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
f0864fdc2ad33b2b2b0228a4eaff187d4a8b7cf80ceaa4c9d6039357f8288a38.exe
-
Size
4.3MB
-
MD5
e29a86043d208815a869ca5659d6894c
-
SHA1
3c9757b3785b7f6f46d80ad29d454f0798e689de
-
SHA256
f0864fdc2ad33b2b2b0228a4eaff187d4a8b7cf80ceaa4c9d6039357f8288a38
-
SHA512
e1837c24231efbd96999f0cadcb4eda7d4520fc8eee22c65f0a1bc55b72ebdac2e1842bb3b016d4c0a6295ac524bf3af526f46930dd18bcba39e13e2c79a67be
-
SSDEEP
98304:JxOXj3eSSw0z20voCNnseZ/T0jtG9l5QK1FGzgw31z2:/WLeSSDq0vyeZ/T0jtGD5QK1Qk8
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-