Extracted

• • Target

    f2d3aa2010aa17c79bd549f081efe1ef635b8e12ae150f200f8d2769b960bd4b.exe

  • Size

    4.3MB

  • MD5

    27b03055c39daab2ce7ae0c5a369f0f1

  • SHA1

    51c5eb4f2e29c659403437063502a061945265de

  • SHA256

    f2d3aa2010aa17c79bd549f081efe1ef635b8e12ae150f200f8d2769b960bd4b

  • SHA512

    c9054103e7798857acc2b6eea95c42c3152868cb1e6d40fafcf022139918fbc96839a613bc0287275a72da32bd43ca5c36ec47f3c00769015261e62ad95ad173

  • SSDEEP

    98304:NgKUrhtOfgod4ca/ljPU1uyUPL349JjFKLj74:NUteduljs1ubPL349Ujs

  Score

  10^/10

  cryptbotdiscoveryevasionspywarestealer

  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot

  • Cryptbot family

    cryptbot

  • Enumerates VirtualBox registry keys

    evasion

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2