General
-
Target
9fac753db5ec1b01d51c6f073dec122d.exe
-
Size
4.3MB
-
Sample
241224-jhcj2ssrgq
-
MD5
9fac753db5ec1b01d51c6f073dec122d
-
SHA1
f25a035618b6a391375e7a4ffd43d96cfe06df36
-
SHA256
82ef038b58bc0dddf3e68504906f8e1c85ea32910d726231b6008cdecff175c3
-
SHA512
3d61cb7544d136a06b0ad784461d531192f8af255e798168dcc7cbcd9dd7db61565179137ec0b7814ff083d1297675bbb5884cc50425c70b2ca0fbca2f0dd61a
-
SSDEEP
98304:ubFqupHMEqflIupZ1yyqs8XKXb90Us1ZhHgK77hUoKlfQuw:AFnhp+VX1yyqs+KydDWBlfQ
Static task
static1
Behavioral task
behavioral1
Sample
9fac753db5ec1b01d51c6f073dec122d.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
9fac753db5ec1b01d51c6f073dec122d.exe
-
Size
4.3MB
-
MD5
9fac753db5ec1b01d51c6f073dec122d
-
SHA1
f25a035618b6a391375e7a4ffd43d96cfe06df36
-
SHA256
82ef038b58bc0dddf3e68504906f8e1c85ea32910d726231b6008cdecff175c3
-
SHA512
3d61cb7544d136a06b0ad784461d531192f8af255e798168dcc7cbcd9dd7db61565179137ec0b7814ff083d1297675bbb5884cc50425c70b2ca0fbca2f0dd61a
-
SSDEEP
98304:ubFqupHMEqflIupZ1yyqs8XKXb90Us1ZhHgK77hUoKlfQuw:AFnhp+VX1yyqs+KydDWBlfQ
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-