cryptbot | 35c5a257003e97599dd1b1bc6936ccfb7d57235903aeecfb3ee9d7abe5fee3c8 | Triage

Submit
Reports

Overview

overview

Static

static

3

35c5a25700...c8.exe

windows7-x64

35c5a25700...c8.exe

windows10-2004-x64

9

Sharing

General

Target

35c5a257003e97599dd1b1bc6936ccfb7d57235903aeecfb3ee9d7abe5fee3c8
Size

3.2MB
Sample

250117-xysg4azpet
MD5

a14510e62298e461bd64b7a75b7629a6
SHA1

6bc9fd3d4fda53786fe48d41c5a6fb3e57f227af
SHA256

35c5a257003e97599dd1b1bc6936ccfb7d57235903aeecfb3ee9d7abe5fee3c8
SHA512

10682f5347ad26646bfc631c50f116d0657e28c41149a6c18b8da34fa52ffdfadbe8c46a4266640f977738964d8fafea90ea375f6e2a17395f8ef109eb186a2c
SSDEEP

49152:ZsvoQtzPIM6eHLwp8gauv2DAgJtYGwxFe7LD4gyoz+U+IIKQMt91TrzSjjdDG9:ZsZzPpbrcvngJtYOD5+U+6nTCFDG9

Score

10^/10

cryptbot discovery evasion spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

35c5a257003e97599dd1b1bc6936ccfb7d57235903aeecfb3ee9d7abe5fee3c8.exe

Resource

win7-20240903-en

cryptbot discovery evasion spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

35c5a257003e97599dd1b1bc6936ccfb7d57235903aeecfb3ee9d7abe5fee3c8.exe

Resource

win10v2004-20241007-en

discovery evasion

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

Targets

- Target
  
  35c5a257003e97599dd1b1bc6936ccfb7d57235903aeecfb3ee9d7abe5fee3c8
- Size
  
  3.2MB
- MD5
  
  a14510e62298e461bd64b7a75b7629a6
- SHA1
  
  6bc9fd3d4fda53786fe48d41c5a6fb3e57f227af
- SHA256
  
  35c5a257003e97599dd1b1bc6936ccfb7d57235903aeecfb3ee9d7abe5fee3c8
- SHA512
  
  10682f5347ad26646bfc631c50f116d0657e28c41149a6c18b8da34fa52ffdfadbe8c46a4266640f977738964d8fafea90ea375f6e2a17395f8ef109eb186a2c
- SSDEEP
  
  49152:ZsvoQtzPIM6eHLwp8gauv2DAgJtYGwxFe7LD4gyoz+U+IIKQMt91TrzSjjdDG9:ZsZzPpbrcvngJtYOD5+U+6nTCFDG9
Score

10^/10

cryptbot discovery evasion spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Enumerates VirtualBox registry keys
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryevasionspywarestealer

behavioral2

discoveryevasion

© 2018-2025

Terms | Privacy