cryptbot | d2638877ee593334ebe913b61a62a9cb80c75493f764c416959d34fe8a99897a | Triage

Submit
Reports

Overview

overview

Static

static

3

1763bb2adc...18.exe

windows7-x64

1763bb2adc...18.exe

windows10-2004-x64

$PLUGINSDI...ia.dll

windows7-x64

3

$PLUGINSDI...ia.dll

windows10-2004-x64

3

Sharing

General

Target

1763bb2adcedfe5bc524624aa73dc140_JaffaCakes118
Size

4.3MB
Sample

240505-m8rcnsgb5x
MD5

1763bb2adcedfe5bc524624aa73dc140
SHA1

2df89148a27b588a9f1a99a99e17312c43c41340
SHA256

d2638877ee593334ebe913b61a62a9cb80c75493f764c416959d34fe8a99897a
SHA512

92d4dc3b1dcb6793ac306bad5da80938f6d995da528a5432f7cb7655450ce035fe6d35f8d702ae46522b1f4bf127f671eb936e0f6fa28e4478c12260ff7d5337
SSDEEP

98304:7fdYYywRBzkQ8LepeMMsKcjetxUGFaj2S7+aFun114T:bdfBzh8L6CsCjFAlFu1e

Score

10^/10

cryptbot discovery evasion spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1763bb2adcedfe5bc524624aa73dc140_JaffaCakes118.exe

Resource

win7-20240221-en

cryptbot discovery evasion spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

1763bb2adcedfe5bc524624aa73dc140_JaffaCakes118.exe

Resource

win10v2004-20240419-en

cryptbot discovery evasion spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/Sibuia.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/Sibuia.dll

Resource

win10v2004-20240419-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

C2

bibinene03.top

moraass05.top

Targets

- Target
  
  1763bb2adcedfe5bc524624aa73dc140_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  1763bb2adcedfe5bc524624aa73dc140
- SHA1
  
  2df89148a27b588a9f1a99a99e17312c43c41340
- SHA256
  
  d2638877ee593334ebe913b61a62a9cb80c75493f764c416959d34fe8a99897a
- SHA512
  
  92d4dc3b1dcb6793ac306bad5da80938f6d995da528a5432f7cb7655450ce035fe6d35f8d702ae46522b1f4bf127f671eb936e0f6fa28e4478c12260ff7d5337
- SSDEEP
  
  98304:7fdYYywRBzkQ8LepeMMsKcjetxUGFaj2S7+aFun114T:bdfBzh8L6CsCjFAlFu1e
Score

10^/10

cryptbot discovery evasion spyware stealer
- CryptBot
  A C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- CryptBot payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Sibuia.dll
- Size
  
  524KB
- MD5
  
  6a3c3c97e92a5949f88311e80268bbb5
- SHA1
  
  48c11e3f694b468479bc2c978749d27b5d03faa2
- SHA256
  
  7938db73242aafbe80915e4ca886d38be9b7e872b93bdae1e8ee6cf4a005b7d9
- SHA512
  
  6141886a889825ccdfa59a419f7670a34ef240c4f90a83bc17223c415f2fbd983280e98e67485710e449746b5bf3284907537bef6ab698a48954dd4910ddf693
- SSDEEP
  
  12288:yFlW+6yL4qXm3e39uB9dk6M6g89vYyw7UwogmySQk9GS168q:y/L6yL44oAP7LD7UvCaGSlq
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptbotdiscoveryevasionspywarestealer

behavioral2

cryptbotdiscoveryevasionspywarestealer

behavioral3

behavioral4

© 2018-2024

Terms | Privacy