General
-
Target
10e89712e1f7ae7b5826efe91df81a3c.bin
-
Size
4.2MB
-
Sample
241225-bc2yraspgl
-
MD5
eb10fc16efdbda26435647873e9f31a9
-
SHA1
4a56c2f66815b2ade126ff34db29102d41d178c3
-
SHA256
685c80e25e601806730a92617c822f9c578572ac85917970eee7e7de4516b513
-
SHA512
14b22ae53c1ee7140d340bead7453c4b4f974adb9bbc1fe7fe0801fe7ef515460b57942bb4dd54ebbcafcea57600cd73ef9e2274c9956df946b194a73fd7b409
-
SSDEEP
98304:Q6KKxy82kiq1lBFOR/OpGYtaF48VRmgdohzRFg1uOe+zlE:Q6VxUqnOJP55P4fg1uOeElE
Static task
static1
Behavioral task
behavioral1
Sample
7761a09c6439f719725b503155717748fa0851cfd5dc9fd9ee610684110b2816.exe
Resource
win7-20241023-en
Malware Config
Extracted
cryptbot
Targets
-
-
Target
7761a09c6439f719725b503155717748fa0851cfd5dc9fd9ee610684110b2816.exe
-
Size
4.3MB
-
MD5
10e89712e1f7ae7b5826efe91df81a3c
-
SHA1
6b33f0f0b8b3196b2465cb6ac8ec429a31dd7f3d
-
SHA256
7761a09c6439f719725b503155717748fa0851cfd5dc9fd9ee610684110b2816
-
SHA512
2878276c278e118dcf084d28b83f19d3ab92956c44060f68d9b444ea6cdd158bd4da259c436b5e4f1b94f886918ab87087077c81007a0ed6b8d4bd64b05f5fe4
-
SSDEEP
98304:slwxPEyQwrqe9BKkpbDpuAblj0pUAY+zWIF6xK:ue9BXPtlj0ht5
-
Cryptbot family
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-