General

  • Target

    abcff1e6ac84a5ec546b6672ce45bf02.exe

  • Size

    4.2MB

  • Sample

    241228-kc1v5axmer

  • MD5

    abcff1e6ac84a5ec546b6672ce45bf02

  • SHA1

    e5e8c81f0b1d2ea23adbe79d5a69318a7212bbea

  • SHA256

    3649c7b868952aa06caef1e133c8f4bdcc2a92763380c7e69af4e2f891afd466

  • SHA512

    010d13c525854f55eecae7900d3a2637efc17f45e23d2915aa61fd8d1ea18a6b0d41cf08f9404ef5834cbd010af60fd7c90f7ad564fb96560a03f28c0422c40e

  • SSDEEP

    98304:mvvsqWkkoPBI4gzTwyc7/fa2y9lqqPBHIBCcD:m3okkoPBI3z031y9l1HWC8

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      abcff1e6ac84a5ec546b6672ce45bf02.exe

    • Size

      4.2MB

    • MD5

      abcff1e6ac84a5ec546b6672ce45bf02

    • SHA1

      e5e8c81f0b1d2ea23adbe79d5a69318a7212bbea

    • SHA256

      3649c7b868952aa06caef1e133c8f4bdcc2a92763380c7e69af4e2f891afd466

    • SHA512

      010d13c525854f55eecae7900d3a2637efc17f45e23d2915aa61fd8d1ea18a6b0d41cf08f9404ef5834cbd010af60fd7c90f7ad564fb96560a03f28c0422c40e

    • SSDEEP

      98304:mvvsqWkkoPBI4gzTwyc7/fa2y9lqqPBHIBCcD:m3okkoPBI3z031y9l1HWC8

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks
