cryptbot | 2766e65bd149a68ec2a3f392eb55b713619b6374c81b5d03b0c074c3a33b9496 | Triage

Submit
Reports

Overview

overview

Static

static

3

2766e65bd1...96.exe

windows7-x64

2766e65bd1...96.exe

windows10-2004-x64

9

Sharing

General

Target

2766e65bd149a68ec2a3f392eb55b713619b6374c81b5d03b0c074c3a33b9496
Size

5.4MB
Sample

250211-q6qvxavkev
MD5

d2c01e16280221c756abe1fb041af7e5
SHA1

f3031ba121acd543997c564d6ea05effe2187200
SHA256

2766e65bd149a68ec2a3f392eb55b713619b6374c81b5d03b0c074c3a33b9496
SHA512

becad27fbc0f957806509dcf5936c2f6b80df006e7a1ee3589b8472aa7abb5a4ec1ae8f4bb762bbb6c839448c3c478d1f96709d3f6ff62c339766c8a31ddf9ec
SSDEEP

98304:Zs2we8ErfdMgg3X3sQzClYCg4p4eGOCYciJhHPXWmYRfs9DqgrFX6:mErfOh3s4h4p4uxPPXWmYREJrc

Score

10^/10

cryptbot defense_evasion discovery execution spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2766e65bd149a68ec2a3f392eb55b713619b6374c81b5d03b0c074c3a33b9496.exe

Resource

win7-20240903-en

cryptbot defense_evasion discovery execution spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

2766e65bd149a68ec2a3f392eb55b713619b6374c81b5d03b0c074c3a33b9496.exe

Resource

win10v2004-20250207-en

defense_evasion discovery execution

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

http://home.elvnuuu11pn.top/ulvJaKQlXazlgWxqjbuu04

Targets

- Target
  
  2766e65bd149a68ec2a3f392eb55b713619b6374c81b5d03b0c074c3a33b9496
- Size
  
  5.4MB
- MD5
  
  d2c01e16280221c756abe1fb041af7e5
- SHA1
  
  f3031ba121acd543997c564d6ea05effe2187200
- SHA256
  
  2766e65bd149a68ec2a3f392eb55b713619b6374c81b5d03b0c074c3a33b9496
- SHA512
  
  becad27fbc0f957806509dcf5936c2f6b80df006e7a1ee3589b8472aa7abb5a4ec1ae8f4bb762bbb6c839448c3c478d1f96709d3f6ff62c339766c8a31ddf9ec
- SSDEEP
  
  98304:Zs2we8ErfdMgg3X3sQzClYCg4p4eGOCYciJhHPXWmYRfs9DqgrFX6:mErfOh3s4h4p4uxPPXWmYREJrc
Score

10^/10

cryptbot defense_evasion discovery execution spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Enumerates VirtualBox registry keys
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdefense_evasiondiscoveryexecutionspywarestealer

behavioral2

defense_evasiondiscoveryexecution

© 2018-2025

Terms | Privacy