General

  • Target

    d8c306be8b162d1bac121505807854c2.exe

  • Size

    4.3MB

  • Sample

    241224-je9elssqdy

  • MD5

    d8c306be8b162d1bac121505807854c2

  • SHA1

    e4a51b11e25647c593d20fa21b63d9a2ae9aa05a

  • SHA256

    e5326d1008ed401c53b3ad6629a7b7dbac5de87bec42a0120f58b82a9e4b9e86

  • SHA512

    ebf89f44519c838365a4b817faa5956b2ae150a0d552336d6259275f7996a944524ab48fd259868b6982ec1cbcc9de2de78040098ea373cb0b68013b0240fe55

  • SSDEEP

    98304:3bRWR1jRF/xmTwYxLJgOmQ0EiWpsa7WXzJ7wtjjmw9:3bRK1//xmUYV+7Ev6aqjJUtj6s

Malware Config

Extracted

Family

cryptbot

Targets

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks