General
-
Target
5953c30c6e6687316eecad90085082496519f158efee2c29153e90c8b7e61aae_Sigmanly
-
Size
4.3MB
-
Sample
241224-vg7jksslaz
-
MD5
29e26186e733127fe58a92d8fa5710af
-
SHA1
5a898e03714aabec25ea798d04d75772f7180951
-
SHA256
5953c30c6e6687316eecad90085082496519f158efee2c29153e90c8b7e61aae
-
SHA512
eba0ea5996d19b22b015112c4d620e5042c415a6e82bb32014d13eabb04b72aabbc99111e4dc6403c601a677c7c25abb01078ead945e702b9fc31210fbacf1d2
-
SSDEEP
98304:qO4jyHe/QtzWZ9eeVoM7exb16CHfGYgirmDra8okh18u32LJtJ:IyHVke0ep1yZumDrkAmF1tJ
Static task
static1
Behavioral task
behavioral1
Sample
5953c30c6e6687316eecad90085082496519f158efee2c29153e90c8b7e61aae_Sigmanly.exe
Resource
win7-20240903-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
5953c30c6e6687316eecad90085082496519f158efee2c29153e90c8b7e61aae_Sigmanly
-
Size
4.3MB
-
MD5
29e26186e733127fe58a92d8fa5710af
-
SHA1
5a898e03714aabec25ea798d04d75772f7180951
-
SHA256
5953c30c6e6687316eecad90085082496519f158efee2c29153e90c8b7e61aae
-
SHA512
eba0ea5996d19b22b015112c4d620e5042c415a6e82bb32014d13eabb04b72aabbc99111e4dc6403c601a677c7c25abb01078ead945e702b9fc31210fbacf1d2
-
SSDEEP
98304:qO4jyHe/QtzWZ9eeVoM7exb16CHfGYgirmDra8okh18u32LJtJ:IyHVke0ep1yZumDrkAmF1tJ
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-