cryptbot | 1ba86c6926a17e77c941f65901e97d88b20bf2508e1d75adf2495344022c4511 | Triage

Submit
Reports

Overview

overview

Static

static

3

nonia.exe

windows7-x64

nonia.exe

windows10-2004-x64

Sharing

General

Target

nonia.exe
Size

6.9MB
Sample

250208-v6awxawqg1
MD5

cd2b81a5b3709ce225dd36155fcc03ff
SHA1

79392c7e57ea1638c45e889130a42ac01cd989cd
SHA256

1ba86c6926a17e77c941f65901e97d88b20bf2508e1d75adf2495344022c4511
SHA512

5813cd0596d3d2b799538e0404a9a7141c4cc764737c04e0402f27c34ed3d076641f255b7420fd662fbb5a73cf287b810e314888709cea7709bbfb13cfeeebc4
SSDEEP

98304:rt2cot2nE0QOVqf0oisTLhLh/ExNqoT3K4zLuY7CqwGg/KqC4g5SZtmaoXAPn54E:rtnit0odL//ExNqoTaALuHwoQa

Score

10^/10

cryptbot lumma defense_evasion discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

nonia.exe

Resource

win7-20241010-en

cryptbot lumma defense_evasion discovery spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

nonia.exe

Resource

win10v2004-20250207-en

cryptbot defense_evasion discovery spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://berserkyfir.click/api

Extracted

Family

cryptbot

C2

http://home.fortenb14vs.top/YEmCCeRRAnLfomQYkhCt57

Targets

- Target
  
  nonia.exe
- Size
  
  6.9MB
- MD5
  
  cd2b81a5b3709ce225dd36155fcc03ff
- SHA1
  
  79392c7e57ea1638c45e889130a42ac01cd989cd
- SHA256
  
  1ba86c6926a17e77c941f65901e97d88b20bf2508e1d75adf2495344022c4511
- SHA512
  
  5813cd0596d3d2b799538e0404a9a7141c4cc764737c04e0402f27c34ed3d076641f255b7420fd662fbb5a73cf287b810e314888709cea7709bbfb13cfeeebc4
- SSDEEP
  
  98304:rt2cot2nE0QOVqf0oisTLhLh/ExNqoT3K4zLuY7CqwGg/KqC4g5SZtmaoXAPn54E:rtnit0odL//ExNqoTaALuHwoQa
Score

10^/10

cryptbot lumma defense_evasion discovery spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Enumerates VirtualBox registry keys
  defense_evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotlummadefense_evasiondiscoveryspywarestealer

behavioral2

cryptbotdefense_evasiondiscoveryspywarestealer

© 2018-2025

Terms | Privacy