General

  • Target

    SecuriteInfo.com.Variant.Zusy.579171.11132.32481.exe

  • Size

    6.2MB

  • Sample

    250211-lw87aatjdz

  • MD5

    3b8e1edc5b493c9ff10823942054d3bc

  • SHA1

    9b5979457a083498360f2f8c802b31a4710f7bbe

  • SHA256

    6b6b2fa135738671e1a1f90ddd5fe4f567b1b7d9415ea8ebc32b56f846dca607

  • SHA512

    79b0b50fece8ab2a0c55878ca607f98ccbf1fc8c00a97d404c5ac6c20df78af1f7bdba060cd0a856974c4660833d359c5f33399b1a0a3839e3c1555ae04bad2b

  • SSDEEP

    98304:ndfBvDtB9eRVW1fLIfxIeDdgVOGG380vJNdE5zPeTWdAoH:ZBvMiLIZIeqVOGGvKzPeTgAu

Malware Config

Extracted

Family

cryptbot

C2

http://home.fivepp5sb.top/joLepLgSzIBRhlkJbQYx17

Targets

    • Target

      SecuriteInfo.com.Variant.Zusy.579171.11132.32481.exe

    • Size

      6.2MB

    • MD5

      3b8e1edc5b493c9ff10823942054d3bc

    • SHA1

      9b5979457a083498360f2f8c802b31a4710f7bbe

    • SHA256

      6b6b2fa135738671e1a1f90ddd5fe4f567b1b7d9415ea8ebc32b56f846dca607

    • SHA512

      79b0b50fece8ab2a0c55878ca607f98ccbf1fc8c00a97d404c5ac6c20df78af1f7bdba060cd0a856974c4660833d359c5f33399b1a0a3839e3c1555ae04bad2b

    • SSDEEP

      98304:ndfBvDtB9eRVW1fLIfxIeDdgVOGG380vJNdE5zPeTWdAoH:ZBvMiLIZIeqVOGGvKzPeTgAu

    • CryptBot

      CryptBot is a C++ stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks