cryptbot | 37f98020a18c5349391aa444259fbe0e33133b612ea1a52612415a484e761064 | Triage

Submit
Reports

Overview

overview

Static

static

3

37f98020a1...64.exe

windows7-x64

37f98020a1...64.exe

windows10-2004-x64

9

Sharing

General

Target

37f98020a18c5349391aa444259fbe0e33133b612ea1a52612415a484e761064
Size

3.8MB
Sample

250211-wn4xpsvqds
MD5

1e9f66938dc65ea07276d1eb137ab047
SHA1

c9d9c8d5069af1689668157fc178bfa947469b97
SHA256

37f98020a18c5349391aa444259fbe0e33133b612ea1a52612415a484e761064
SHA512

00a217e5ce5a9ce4748054dbe82d887a67083f369c59341b9c5459402b871e4180f1455c5197408ea76989dc8e809157cc7c36ead3813048f6313ad226537d81
SSDEEP

98304:Zspwe8EJfdMgg3akDFJBXy2vRfcSpwxzYs7kjhn/JU:zEJfOhqI+2ZU0IBkjhnRU

Score

10^/10

cryptbot defense_evasion discovery execution spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

37f98020a18c5349391aa444259fbe0e33133b612ea1a52612415a484e761064.exe

Resource

win7-20240903-en

cryptbot defense_evasion discovery execution spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

37f98020a18c5349391aa444259fbe0e33133b612ea1a52612415a484e761064.exe

Resource

win10v2004-20250211-en

defense_evasion discovery execution

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

http://home.elvnuuu11pn.top/ulvJaKQlXazlgWxqjbuu04

Targets

- Target
  
  37f98020a18c5349391aa444259fbe0e33133b612ea1a52612415a484e761064
- Size
  
  3.8MB
- MD5
  
  1e9f66938dc65ea07276d1eb137ab047
- SHA1
  
  c9d9c8d5069af1689668157fc178bfa947469b97
- SHA256
  
  37f98020a18c5349391aa444259fbe0e33133b612ea1a52612415a484e761064
- SHA512
  
  00a217e5ce5a9ce4748054dbe82d887a67083f369c59341b9c5459402b871e4180f1455c5197408ea76989dc8e809157cc7c36ead3813048f6313ad226537d81
- SSDEEP
  
  98304:Zspwe8EJfdMgg3akDFJBXy2vRfcSpwxzYs7kjhn/JU:zEJfOhqI+2ZU0IBkjhnRU
Score

10^/10

cryptbot defense_evasion discovery execution spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Enumerates VirtualBox registry keys
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdefense_evasiondiscoveryexecutionspywarestealer

behavioral2

defense_evasiondiscoveryexecution

© 2018-2025

Terms | Privacy