General
-
Target
873d4b5b8523bfb8bf18817fc0f1c01c7f843e2182f77f8c4d169175feb16d85_Sigmanly
-
Size
4.3MB
-
Sample
241224-jltmqstjck
-
MD5
78d5e1e506076e02ca87e9414b1484d6
-
SHA1
c41b363f251f3d0e6b1f52dcb49fc2bed4258b7d
-
SHA256
873d4b5b8523bfb8bf18817fc0f1c01c7f843e2182f77f8c4d169175feb16d85
-
SHA512
5181764100cdb6ec84de6e9b2e5c7f7c6e3abd8e05382128721038a8be471f376612a1a35bcbb328a0dfab4c5a574c77e320b01c59bddd19b54bb1adc8f92b10
-
SSDEEP
98304:KS5opkY5orPSexK1RlF7vyTojI+lOBEvI+2JBBARgV3:KSqayorPSeol5RjImY5CKV
Static task
static1
Behavioral task
behavioral1
Sample
873d4b5b8523bfb8bf18817fc0f1c01c7f843e2182f77f8c4d169175feb16d85_Sigmanly.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
873d4b5b8523bfb8bf18817fc0f1c01c7f843e2182f77f8c4d169175feb16d85_Sigmanly
-
Size
4.3MB
-
MD5
78d5e1e506076e02ca87e9414b1484d6
-
SHA1
c41b363f251f3d0e6b1f52dcb49fc2bed4258b7d
-
SHA256
873d4b5b8523bfb8bf18817fc0f1c01c7f843e2182f77f8c4d169175feb16d85
-
SHA512
5181764100cdb6ec84de6e9b2e5c7f7c6e3abd8e05382128721038a8be471f376612a1a35bcbb328a0dfab4c5a574c77e320b01c59bddd19b54bb1adc8f92b10
-
SSDEEP
98304:KS5opkY5orPSexK1RlF7vyTojI+lOBEvI+2JBBARgV3:KSqayorPSeol5RjImY5CKV
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-