General
-
Target
091d3f8ba5a2b3869f66ba28c3730adf3600c882b1d41f6bb07d969a6c59c051_Sigmanly
-
Size
4.3MB
-
Sample
241224-jqjnbstjep
-
MD5
7c49272d34500cf637bcf65cbf605fc0
-
SHA1
be8fa3f2c3f837c28f598095b1b14d5b8731514a
-
SHA256
091d3f8ba5a2b3869f66ba28c3730adf3600c882b1d41f6bb07d969a6c59c051
-
SHA512
b85bcb93de283bc3e73fa1a667d910e70d59aef9d452a27abd44a2a82c6d89bfcc3aaf81573f8811095b2cd3adf42acaabacf97db5454d17a84a87060f451943
-
SSDEEP
98304:Yxu0glhu4t/BfUOCPdvnW3ae5f/VydQ7IalSMp:Yo0Oh/fUfhe5f/cdgIr
Static task
static1
Behavioral task
behavioral1
Sample
091d3f8ba5a2b3869f66ba28c3730adf3600c882b1d41f6bb07d969a6c59c051_Sigmanly.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
091d3f8ba5a2b3869f66ba28c3730adf3600c882b1d41f6bb07d969a6c59c051_Sigmanly
-
Size
4.3MB
-
MD5
7c49272d34500cf637bcf65cbf605fc0
-
SHA1
be8fa3f2c3f837c28f598095b1b14d5b8731514a
-
SHA256
091d3f8ba5a2b3869f66ba28c3730adf3600c882b1d41f6bb07d969a6c59c051
-
SHA512
b85bcb93de283bc3e73fa1a667d910e70d59aef9d452a27abd44a2a82c6d89bfcc3aaf81573f8811095b2cd3adf42acaabacf97db5454d17a84a87060f451943
-
SSDEEP
98304:Yxu0glhu4t/BfUOCPdvnW3ae5f/VydQ7IalSMp:Yo0Oh/fUfhe5f/cdgIr
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-