Overview

overview

10

Static

static

3

random (2).exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    random (2).exe

  • Size

    6.3MB

  • Sample

    250304-sycpestvbs

  • MD5

    4ae8af6fba92e19af09d19070b33c7c2

  • SHA1

    a72132f73981dcacfa2d322176121152a880ef19

  • SHA256

    cf284105b76caf1f2f775de2207e9743ca4a479924b06b0ab3a41251104953f3

  • SHA512

    a0be0da126a2f67741448303ff22a0cd0c92cd9a19ff7e9f03bceec3320eebe7ea7d31f76a52b399a1c83dd975cd3da2111258cc42dd04bb578ed70651f5fe53

  • SSDEEP

    98304:hjQBHwSW6RBfuVbx3/4pIrZC5EimIfFUsidrV2XJsNf7tnMhXWKsTA0KIY9E:hcBHwSwVmpaZP/ItSHKsTAQY9

Score
10/10
cryptbotdefense_evasiondiscoveryspywarestealer

Malware Config

Extracted

Family

cryptbot

C2

http://home.fivenn5sr.top/DoDOGDWnPbpMwhmjDvNk17

Targets

    • Target

      random (2).exe

    • Size

      6.3MB

    • MD5

      4ae8af6fba92e19af09d19070b33c7c2

    • SHA1

      a72132f73981dcacfa2d322176121152a880ef19

    • SHA256

      cf284105b76caf1f2f775de2207e9743ca4a479924b06b0ab3a41251104953f3

    • SHA512

      a0be0da126a2f67741448303ff22a0cd0c92cd9a19ff7e9f03bceec3320eebe7ea7d31f76a52b399a1c83dd975cd3da2111258cc42dd04bb578ed70651f5fe53

    • SSDEEP

      98304:hjQBHwSW6RBfuVbx3/4pIrZC5EimIfFUsidrV2XJsNf7tnMhXWKsTA0KIY9E:hcBHwSwVmpaZP/ItSHKsTAQY9

    Score
    10/10
    cryptbotdefense_evasiondiscoveryspywarestealer

    • CryptBot

      CryptBot is a C++ stealer distributed widely in bundle with other software.

      spywarestealercryptbot

    • Cryptbot family

      cryptbot

    • Enumerates VirtualBox registry keys

      defense_evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      defense_evasion

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.