General

  • Target

    1526fc970cdb0e5a69f0ca2284d12312c6f7c9d0e77aa264aa4260411a4f03e7.bin

  • Size

    1.9MB

  • Sample

    220720-njy7nafchl

  • MD5

    7a0a3e5189f78565b48c36ca226f223a

  • SHA1

    e8d485259e64fd375e03844c03775eda40862e1c

  • SHA256

    1526fc970cdb0e5a69f0ca2284d12312c6f7c9d0e77aa264aa4260411a4f03e7

  • SHA512

    f92d3deca17a2aeeece09b20ada894583edac58e9118634bf9ea71d59e22fe4c767f1d0e2d752a132a7f0b1bf63ec2fdccc2e8ee16b8bc1aedb721f668052c1c

Malware Config

Targets

    • Target

      1526fc970cdb0e5a69f0ca2284d12312c6f7c9d0e77aa264aa4260411a4f03e7.bin

    • Size

      1.9MB

    • MD5

      7a0a3e5189f78565b48c36ca226f223a

    • SHA1

      e8d485259e64fd375e03844c03775eda40862e1c

    • SHA256

      1526fc970cdb0e5a69f0ca2284d12312c6f7c9d0e77aa264aa4260411a4f03e7

    • SHA512

      f92d3deca17a2aeeece09b20ada894583edac58e9118634bf9ea71d59e22fe4c767f1d0e2d752a132a7f0b1bf63ec2fdccc2e8ee16b8bc1aedb721f668052c1c

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks