Extracted

• • Target

    666714eecf2a0e9b59e72bf55e93f7fc46ba9463c043381fbe9eca8df0011527_Sigmanly

  • Size

    4.3MB

  • MD5

    f6672648c1d176cf6c398bd74d5966e4

  • SHA1

    3e37955db4ca3616181df3577f0e9dcc353a3016

  • SHA256

    666714eecf2a0e9b59e72bf55e93f7fc46ba9463c043381fbe9eca8df0011527

  • SHA512

    161fe1ffd292d2d656d447f08d9e46b32a18f4c2ae868baa9202a2f960eeed1f832710ab6d2bc8a07f36c8167c4d2f6f2c9af3d1abd6a44f3e11f8aadc4f08ff

  • SSDEEP

    98304:F7sJw8ji7nUeI6AKaQ0omGhOC2D+cUfWr9XtdNchZEuVa3b/m:RsJw8jsIdJuhN2D+RfERcheuIr/m

  Score

  10^/10

  cryptbotdiscoveryevasionspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Cryptbot family

    cryptbot

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2