General

  • Target

    5953c30c6e6687316eecad90085082496519f158efee2c29153e90c8b7e61aae_Sigmanly

  • Size

    4.3MB

  • Sample

    241224-vg7jksslaz

  • MD5

    29e26186e733127fe58a92d8fa5710af

  • SHA1

    5a898e03714aabec25ea798d04d75772f7180951

  • SHA256

    5953c30c6e6687316eecad90085082496519f158efee2c29153e90c8b7e61aae

  • SHA512

    eba0ea5996d19b22b015112c4d620e5042c415a6e82bb32014d13eabb04b72aabbc99111e4dc6403c601a677c7c25abb01078ead945e702b9fc31210fbacf1d2

  • SSDEEP

    98304:qO4jyHe/QtzWZ9eeVoM7exb16CHfGYgirmDra8okh18u32LJtJ:IyHVke0ep1yZumDrkAmF1tJ

Malware Config

Extracted

Family

cryptbot

Targets

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks