General

  • Target

    7649ff6f49b4023cfa711ce129b2496ed3181698fa250a090b6f5020f2f1b3c1

  • Size

    2.6MB

  • Sample

    250122-2mhkzazphj

  • MD5

    f9cbc9565100a378067a6be83c7529d8

  • SHA1

    b4134e7c3649505c2b632a1adb3e88dfa64a81c7

  • SHA256

    7649ff6f49b4023cfa711ce129b2496ed3181698fa250a090b6f5020f2f1b3c1

  • SHA512

    a09b3d0f04c5fa22fb38b25371fd6313c19cbf26a92473f9fc9e77371130ad304747e7bb1fd5f7d84240a3af87f245deac71bd00578fe7e69dc830ad02e9ebe6

  • SSDEEP

    49152:ZsvmZzni4h3UIypuI3feG9cusZDDQKj2O5FUubdwWhRwta0q+z/mKQnCSHFLExiM:Zsum4BUIyAIPjcPVaQUufhRmaVK/RlmI

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      7649ff6f49b4023cfa711ce129b2496ed3181698fa250a090b6f5020f2f1b3c1

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks