General

Target: 327e4bd70e2906769929a778b0bcd154.exe
Size: 4.3MB
Sample: 241224-je84vasqdt
MD5: 327e4bd70e2906769929a778b0bcd154
SHA1: 3c585820793d95d83246ae07d14c27573fac2995
SHA256: b34f8c961602120e9e73cae2cc5acd563bf8069760b18ce81e6eecdd22658601
SHA512: 6b32b3b9e9c94dca4cbc7d36e631299c215ad536ecf152980f7f77b7f5d307f4c6b7e462101445909f6d68086695293cd412d4018b50d63076934d6a22005a19
SSDEEP: 98304:ZelV7kkR2OFNwHI2gEn2k/2hwJvOox54Fale6q006hJNl:Z6uk1C2TaJzx54We690CV
Static task: static1
Behavioral task: behavioral1
Sample: 327e4bd70e2906769929a778b0bcd154.exe
Resource: win7-20240903-en

Malware Config
Extracted: cryptbot
Targets
- Target: 327e4bd70e2906769929a778b0bcd154.exe
- Cryptbot family
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger