cryptbot | 234720e696e01f3e21f6d0888a906a186ed6bfcc1b416bf5e6b78ba7ebc49474 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

234720e696...74.exe

windows7-x64

234720e696...74.exe

windows10-2004-x64

Sharing

General

Target

234720e696e01f3e21f6d0888a906a186ed6bfcc1b416bf5e6b78ba7ebc49474
Size

3.8MB
Sample

250324-h4y5haswh1
MD5

52dfbec82ed8b0f36065b6c7dd60db74
SHA1

da386493a3cdee427b90b9d61a32a53a1cf7c097
SHA256

234720e696e01f3e21f6d0888a906a186ed6bfcc1b416bf5e6b78ba7ebc49474
SHA512

077c226c12525c17d178522cb123322fe37067ab7211402fa56f207ad793778dd54a3a6e594811d502fa2fbffee65e7488b7cf3c24936c1e9b7c28d3d2fff225
SSDEEP

98304:ZsLhipLqAerp+/fe6maWwtZ96QWkcsL9ydhhy:gipmHp+/26ma7tZFAdy

Score

10^/10

cryptbot defense_evasion discovery execution spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

234720e696e01f3e21f6d0888a906a186ed6bfcc1b416bf5e6b78ba7ebc49474.exe

Resource

win7-20240903-en

cryptbot defense_evasion discovery execution spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

234720e696e01f3e21f6d0888a906a186ed6bfcc1b416bf5e6b78ba7ebc49474.exe

Resource

win10v2004-20250314-en

cryptbot defense_evasion discovery execution spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

http://home.elvnpp11sb.top/PbeokZpPUOamImAhVrmG11

Targets

- Target
  
  234720e696e01f3e21f6d0888a906a186ed6bfcc1b416bf5e6b78ba7ebc49474
- Size
  
  3.8MB
- MD5
  
  52dfbec82ed8b0f36065b6c7dd60db74
- SHA1
  
  da386493a3cdee427b90b9d61a32a53a1cf7c097
- SHA256
  
  234720e696e01f3e21f6d0888a906a186ed6bfcc1b416bf5e6b78ba7ebc49474
- SHA512
  
  077c226c12525c17d178522cb123322fe37067ab7211402fa56f207ad793778dd54a3a6e594811d502fa2fbffee65e7488b7cf3c24936c1e9b7c28d3d2fff225
- SSDEEP
  
  98304:ZsLhipLqAerp+/fe6maWwtZ96QWkcsL9ydhhy:gipmHp+/26ma7tZFAdy
Score

10^/10

cryptbot defense_evasion discovery execution spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Enumerates VirtualBox registry keys
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdefense_evasiondiscoveryexecutionspywarestealer

behavioral2

cryptbotdefense_evasiondiscoveryexecutionspywarestealer

© 2018-2025

Terms | Privacy