cryptbot | 182de50dea4c507874652a9a7b50157d0ae9f4d682e96b1aebc3d9e14d42c243 | Triage

Submit
Reports

Overview

overview

Static

static

3

182de50dea...43.exe

windows7-x64

182de50dea...43.exe

windows10-2004-x64

Sharing

General

Target

182de50dea4c507874652a9a7b50157d0ae9f4d682e96b1aebc3d9e14d42c243
Size

2.6MB
Sample

250131-zswzfayqbl
MD5

aa545b008ef8305bb3e58cf41510c5ae
SHA1

59cf3a193e2c4363667fede9908e89796dd08210
SHA256

182de50dea4c507874652a9a7b50157d0ae9f4d682e96b1aebc3d9e14d42c243
SHA512

a468daa36ffa8d6ad0871fb2153baa1e73dd2ec6f07fd205e10628c3d148bf1b6a3e972970978f11be29f03b214985e4fd8225d4ab135e0604c979e2b6143ec6
SSDEEP

49152:Zsv8ko0OZzMMJVYo+EEY4A5u+Jt4ccnUSXY4NT/1qomWyNVA7eaoN14:ZsUkX6rJVf+y4A5l4LUSR9qomxA7eaoI

Score

10^/10

cryptbot defense_evasion discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

182de50dea4c507874652a9a7b50157d0ae9f4d682e96b1aebc3d9e14d42c243.exe

Resource

win7-20240903-en

cryptbot defense_evasion discovery spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

182de50dea4c507874652a9a7b50157d0ae9f4d682e96b1aebc3d9e14d42c243.exe

Resource

win10v2004-20250129-en

cryptbot defense_evasion discovery spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

Targets

- Target
  
  182de50dea4c507874652a9a7b50157d0ae9f4d682e96b1aebc3d9e14d42c243
- Size
  
  2.6MB
- MD5
  
  aa545b008ef8305bb3e58cf41510c5ae
- SHA1
  
  59cf3a193e2c4363667fede9908e89796dd08210
- SHA256
  
  182de50dea4c507874652a9a7b50157d0ae9f4d682e96b1aebc3d9e14d42c243
- SHA512
  
  a468daa36ffa8d6ad0871fb2153baa1e73dd2ec6f07fd205e10628c3d148bf1b6a3e972970978f11be29f03b214985e4fd8225d4ab135e0604c979e2b6143ec6
- SSDEEP
  
  49152:Zsv8ko0OZzMMJVYo+EEY4A5u+Jt4ccnUSXY4NT/1qomWyNVA7eaoN14:ZsUkX6rJVf+y4A5l4LUSR9qomxA7eaoI
Score

10^/10

cryptbot defense_evasion discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Enumerates VirtualBox registry keys
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdefense_evasiondiscoveryspywarestealer

behavioral2

cryptbotdefense_evasiondiscoveryspywarestealer

© 2018-2025

Terms | Privacy