Extracted

• • Target

    5fad6c65b553ca73463694390e2f9301.exe

  • Size

    4.2MB

  • MD5

    5fad6c65b553ca73463694390e2f9301

  • SHA1

    7a624d02450205c7a89d6397979486873b47be39

  • SHA256

    bad2c4c499a3bb89e8098f5fe7b43cdb248d6e70bb23a07de1ebb83fac880175

  • SHA512

    a8c971d1434c65dc0ee32fca2b4521ca1f86b1784b75fbef557fca7174fa0344204fd9512212dd4c8214a1d6f103c7f955df60eba13bc45a27e8ad844a391c47

  • SSDEEP

    98304:kqfzsA9ZrTeQtxk/DZvun9EaAN8rvlEUOm+ZpvM5xevOH:kqwA9RTIDp8ma9NkPpk5o0

  Score

  10^/10

  cryptbotdiscoveryevasionspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Cryptbot family

    cryptbot

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2