General

  • Target

    9fac753db5ec1b01d51c6f073dec122d.exe

  • Size

    4.3MB

  • Sample

    241224-jhcj2ssrgq

  • MD5

    9fac753db5ec1b01d51c6f073dec122d

  • SHA1

    f25a035618b6a391375e7a4ffd43d96cfe06df36

  • SHA256

    82ef038b58bc0dddf3e68504906f8e1c85ea32910d726231b6008cdecff175c3

  • SHA512

    3d61cb7544d136a06b0ad784461d531192f8af255e798168dcc7cbcd9dd7db61565179137ec0b7814ff083d1297675bbb5884cc50425c70b2ca0fbca2f0dd61a

  • SSDEEP

    98304:ubFqupHMEqflIupZ1yyqs8XKXb90Us1ZhHgK77hUoKlfQuw:AFnhp+VX1yyqs+KydDWBlfQ

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      9fac753db5ec1b01d51c6f073dec122d.exe

    • Size

      4.3MB

    • MD5

      9fac753db5ec1b01d51c6f073dec122d

    • SHA1

      f25a035618b6a391375e7a4ffd43d96cfe06df36

    • SHA256

      82ef038b58bc0dddf3e68504906f8e1c85ea32910d726231b6008cdecff175c3

    • SHA512

      3d61cb7544d136a06b0ad784461d531192f8af255e798168dcc7cbcd9dd7db61565179137ec0b7814ff083d1297675bbb5884cc50425c70b2ca0fbca2f0dd61a

    • SSDEEP

      98304:ubFqupHMEqflIupZ1yyqs8XKXb90Us1ZhHgK77hUoKlfQuw:AFnhp+VX1yyqs+KydDWBlfQ

    • CryptBot

      CryptBot is a C++ information stealer that is distributed widely, typically bundled with cracked or pirated software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS strings such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System identify VirtualBox, VMware and QEMU guests, so reading them is a common sandbox-detection check.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) detaches the thread from an attached debugger, which is a common anti-debugging technique.
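The behaviours listed above are all visible as registry and API events in a process trace. The following Python script is an added example, not the sandbox's own detection logic, showing how to map such a trace onto the report's signatures and separate the anti-analysis probes (VirtualBox keys, ACPI VBOX__ tables, BIOS strings, Wine keys, ThreadHideFromDebugger) from the Uninstall-key walk that legitimate installers also perform. The `pid|event|detail` log format and the sample events are constructed for the example; the registry paths and the 0x11 information class are the real, well-known locations.

```python
"""Flag anti-VM / anti-sandbox / anti-debug probes in a process trace.
Example code added for illustration; not the sandbox's own signature engine."""
import json
import re
from collections import defaultdict

# Constructed sample trace in a hypothetical "pid|event|detail" format that
# mimics the fields a Sysmon or sandbox registry/API trace exposes.
SAMPLE_EVENTS = r"""
4120|RegOpenKey|HKLM\HARDWARE\ACPI\DSDT\VBOX__
4120|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
4120|RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
4120|RegOpenKey|HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions
4120|RegOpenKey|HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest
4120|RegOpenKey|HKCU\Software\Wine
4120|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120|ApiCall|NtSetInformationThread(ThreadInformationClass=0x11)
4120|RegOpenKey|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
6008|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
"""

# Registry locations behind each behaviour signature (case-insensitive).
# Signature names mirror the report's wording.
REGISTRY_SIGNATURES = {
    "Enumerates VirtualBox registry keys": re.compile(
        r"\\(Oracle\\VirtualBox Guest Additions|Services\\VBox(Guest|Mouse|Service|SF|Video))\b", re.I),
    "Identifies VirtualBox via ACPI registry values": re.compile(
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "Checks BIOS information in registry": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)\b", re.I),
    "Identifies Wine through registry keys": re.compile(r"\\Software\\Wine\b", re.I),
    "Checks installed software on the system": re.compile(
        r"\\Windows\\CurrentVersion\\Uninstall\b", re.I),
}

# ThreadHideFromDebugger is information class 0x11 for NtSetInformationThread.
API_SIGNATURES = {
    "Suspicious use of NtSetInformationThreadHideFromDebugger": re.compile(
        r"NtSetInformationThread\(.*\b(ThreadHideFromDebugger|0x11)\b", re.I),
}

# Everything except the Uninstall-key walk counts as anti-analysis; installers
# and updaters enumerate Uninstall routinely, so it only adds context.
ANTI_ANALYSIS = (set(REGISTRY_SIGNATURES) | set(API_SIGNATURES)) - {
    "Checks installed software on the system"}


def parse_events(text):
    """Parse 'pid|event|detail' lines into (pid, event, detail) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, event, detail = line.split("|", 2)
        events.append((int(pid), event, detail))
    return events


def match_signatures(events):
    """Return {pid: {signature_name: [matching details]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for pid, event, detail in events:
        table = API_SIGNATURES if event == "ApiCall" else REGISTRY_SIGNATURES
        for name, pattern in table.items():
            if pattern.search(detail):
                hits[pid][name].append(detail)
    return hits


def triage(text, threshold=2):
    """Per process: matched signatures, anti-analysis count and a verdict.
    A process with at least `threshold` distinct anti-analysis signatures is
    marked evasive; processes with no hits are omitted."""
    report = {}
    for pid, sigs in match_signatures(parse_events(text)).items():
        evasive = sorted(name for name in sigs if name in ANTI_ANALYSIS)
        report[pid] = {
            "signatures": {name: list(paths) for name, paths in sigs.items()},
            "anti_analysis": evasive,
            "anti_analysis_count": len(evasive),
            "verdict": "evasive" if len(evasive) >= threshold else "inconclusive",
        }
    return report


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
```

Run against the constructed trace, process 4120 matches all six signatures and is reported as evasive on five anti-analysis hits, while process 6008, which only reads ProductName, produces no entry at all. Feeding a real Sysmon event 12/13 export through `parse_events` only requires mapping its fields into the three-column format.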

MITRE ATT&CK Enterprise v15

Tasks