cryptbot | b4de967276c1b66e49f92d673b4a627294bd16709c50ee8372aaf7b5d67ad632 | Triage

Submit
Reports

Overview

overview

Static

static

3

b4de967276...32.exe

windows7-x64

b4de967276...32.exe

windows10-2004-x64

Sharing

General

Target

b4de967276c1b66e49f92d673b4a627294bd16709c50ee8372aaf7b5d67ad632
Size

3.2MB
Sample

250130-1pxx1atmes
MD5

367d6d7210344d513037c0d9ad6c1094
SHA1

e562cd450ea66a3703d77d4c0bf332bf934d7113
SHA256

b4de967276c1b66e49f92d673b4a627294bd16709c50ee8372aaf7b5d67ad632
SHA512

73c1a7b7e224eaee94212c8ec1fa2a3bc0ccc474aaf71720d1dcb75564edde244efec7055ee35aab7e64197fbc9c063ab1a7d08bf0625fcda06f6dd361347dad
SSDEEP

98304:ZsjlFDYPY3lEpOBunjPTgO2WDg2STyH7eaoN14:GFD/2jPTUWfSObeRN14

Score

10^/10

cryptbot defense_evasion discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b4de967276c1b66e49f92d673b4a627294bd16709c50ee8372aaf7b5d67ad632.exe

Resource

win7-20240708-en

cryptbot defense_evasion discovery spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4de967276c1b66e49f92d673b4a627294bd16709c50ee8372aaf7b5d67ad632.exe

Resource

win10v2004-20250129-en

cryptbot defense_evasion discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

Targets

- Target
  
  b4de967276c1b66e49f92d673b4a627294bd16709c50ee8372aaf7b5d67ad632
- Size
  
  3.2MB
- MD5
  
  367d6d7210344d513037c0d9ad6c1094
- SHA1
  
  e562cd450ea66a3703d77d4c0bf332bf934d7113
- SHA256
  
  b4de967276c1b66e49f92d673b4a627294bd16709c50ee8372aaf7b5d67ad632
- SHA512
  
  73c1a7b7e224eaee94212c8ec1fa2a3bc0ccc474aaf71720d1dcb75564edde244efec7055ee35aab7e64197fbc9c063ab1a7d08bf0625fcda06f6dd361347dad
- SSDEEP
  
  98304:ZsjlFDYPY3lEpOBunjPTgO2WDg2STyH7eaoN14:GFD/2jPTUWfSObeRN14
Score

10^/10

cryptbot defense_evasion discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Enumerates VirtualBox registry keys
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdefense_evasiondiscoveryspywarestealer

behavioral2

cryptbotdefense_evasiondiscoveryspywarestealer

© 2018-2025

Terms | Privacy