cryptbot | 96bfc7cc6faec266f2d88ef07b0aa1557cdca954f9b1d00b382c049ce102c8ad | Triage

Submit
Reports

Overview

overview

Static

static

3

96bfc7cc6f...ad.exe

windows7-x64

96bfc7cc6f...ad.exe

windows10-2004-x64

9

Sharing

General

Target

96bfc7cc6faec266f2d88ef07b0aa1557cdca954f9b1d00b382c049ce102c8ad
Size

3.8MB
Sample

250210-gdf1kaspg1
MD5

39cb29174e8067eb57cb628d7debb3ec
SHA1

489a3762aff2b43e86f80f482162702fa7405588
SHA256

96bfc7cc6faec266f2d88ef07b0aa1557cdca954f9b1d00b382c049ce102c8ad
SHA512

6662cdaaff15575c7ea7094803b6ea3ac3258b78f6a26b0849d69ae82e1a6075092b605adb9ba02e92440515bdb4cf67343c6c74f685b8271090164a1797bba0
SSDEEP

98304:Zs/kiQvHYE7PyrHXIJ1zqRfm0zWPReVl2E:3iyYaH1q9z6eVlt

Score

10^/10

cryptbot defense_evasion discovery execution spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

96bfc7cc6faec266f2d88ef07b0aa1557cdca954f9b1d00b382c049ce102c8ad.exe

Resource

win7-20240903-en

cryptbot defense_evasion discovery execution spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

96bfc7cc6faec266f2d88ef07b0aa1557cdca954f9b1d00b382c049ce102c8ad.exe

Resource

win10v2004-20250207-en

defense_evasion discovery execution

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

http://home.elvnpp11sb.top/PbeokZpPUOamImAhVrmG11

Targets

- Target
  
  96bfc7cc6faec266f2d88ef07b0aa1557cdca954f9b1d00b382c049ce102c8ad
- Size
  
  3.8MB
- MD5
  
  39cb29174e8067eb57cb628d7debb3ec
- SHA1
  
  489a3762aff2b43e86f80f482162702fa7405588
- SHA256
  
  96bfc7cc6faec266f2d88ef07b0aa1557cdca954f9b1d00b382c049ce102c8ad
- SHA512
  
  6662cdaaff15575c7ea7094803b6ea3ac3258b78f6a26b0849d69ae82e1a6075092b605adb9ba02e92440515bdb4cf67343c6c74f685b8271090164a1797bba0
- SSDEEP
  
  98304:Zs/kiQvHYE7PyrHXIJ1zqRfm0zWPReVl2E:3iyYaH1q9z6eVlt
Score

10^/10

cryptbot defense_evasion discovery execution spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Enumerates VirtualBox registry keys
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdefense_evasiondiscoveryexecutionspywarestealer

behavioral2

defense_evasiondiscoveryexecution

© 2018-2025

Terms | Privacy