General
-
Target
1efdba3512772f4785c7e1d879f3149834dc1db3c14df5bcd81e0e12b3f0adb2
-
Size
244KB
-
Sample
220612-x258csgge2
-
MD5
1390f705f48b1d089b09f0cdb58b7f5c
-
SHA1
5aa34f0770a254747d57677ad8fc8a88917e6a57
-
SHA256
1efdba3512772f4785c7e1d879f3149834dc1db3c14df5bcd81e0e12b3f0adb2
-
SHA512
a0a52bd8f6266fe6802a10232ef52f1bb48e976a31730f3440f89d46d0a5a36c1f7186dffec50fe212d1115bfa3555a5335f2731c8ba6cf4bfedc290924ffeca
Malware Config
Targets
-
-
Target
1efdba3512772f4785c7e1d879f3149834dc1db3c14df5bcd81e0e12b3f0adb2
-
Size
244KB
-
MD5
1390f705f48b1d089b09f0cdb58b7f5c
-
SHA1
5aa34f0770a254747d57677ad8fc8a88917e6a57
-
SHA256
1efdba3512772f4785c7e1d879f3149834dc1db3c14df5bcd81e0e12b3f0adb2
-
SHA512
a0a52bd8f6266fe6802a10232ef52f1bb48e976a31730f3440f89d46d0a5a36c1f7186dffec50fe212d1115bfa3555a5335f2731c8ba6cf4bfedc290924ffeca
Score10/10-
suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Deletes itself
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-