Extracted

• • Target

    6eb9cd9fe518bd6649b3db9de8478d7e8570fa22272b111a76c491749e049994_Sigmanly

  • Size

    4.3MB

  • MD5

    339948cf14bfed6a4e1cd717beeb9fff

  • SHA1

    5579437dde79a533dd625fb7fb1ccdb6226e3364

  • SHA256

    6eb9cd9fe518bd6649b3db9de8478d7e8570fa22272b111a76c491749e049994

  • SHA512

    483ee1fcd7ac2262e90feb4bf38a7a11a4f76a77d577cda49fb0e6ddf30db36f33819af2dced92d7af156fc25132878cd2b69fe4e210698562990e80ff1f4733

  • SSDEEP

    49152:I2c+UqRHoBg+InSsYjp0UE2fHvc/IMqDwU8PU+WKOUSjJSU1lSINnjnwcLH3bsAn:Dc+Uq2/IVyqUigjDLbSIxwPD6Ew

  Score

  10^/10

  cryptbotdiscoveryevasionspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Cryptbot family

    cryptbot

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2