General

  • Target

    01299c35d5c0d08a5f90c9ba33c29f705eba476aa795f86d897ed1d244ef3f92

  • Size

    6.9MB

  • Sample

    220919-ee5zzabacp

  • MD5

    3cb3dc50e206bcc9e3254ddde5098dc7

  • SHA1

    b378c4d62edabe6736152d14c02a1dae425b2388

  • SHA256

    01299c35d5c0d08a5f90c9ba33c29f705eba476aa795f86d897ed1d244ef3f92

  • SHA512

    9a8e105e3df88c900786c8ebe75a9eed1e9f557cf00c769b09d7c50ff492bb873ae5e45f0400f7fcfd79fd2cd903d220840ebd50d91a20f1890c6e0c1c056c19

  • SSDEEP

    49152:kCUe/RuEkt629PjNHFCZr0/WOZWxFRL5f5Kbs5WJWys6RP:kL

Malware Config

Targets

    • Target

      01299c35d5c0d08a5f90c9ba33c29f705eba476aa795f86d897ed1d244ef3f92

    • Size

      6.9MB

    • MD5

      3cb3dc50e206bcc9e3254ddde5098dc7

    • SHA1

      b378c4d62edabe6736152d14c02a1dae425b2388

    • SHA256

      01299c35d5c0d08a5f90c9ba33c29f705eba476aa795f86d897ed1d244ef3f92

    • SHA512

      9a8e105e3df88c900786c8ebe75a9eed1e9f557cf00c769b09d7c50ff492bb873ae5e45f0400f7fcfd79fd2cd903d220840ebd50d91a20f1890c6e0c1c056c19

    • SSDEEP

      49152:kCUe/RuEkt629PjNHFCZr0/WOZWxFRL5f5Kbs5WJWys6RP:kL

    • Modifies firewall policy service

    • CryptOne packer

      Detects the CryptOne packer as described in the NCC Group blog post.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Modify Existing Service, T1031 (1)
    Registry Run Keys / Startup Folder, T1060 (1)

  • Defense Evasion

    Modify Registry, T1112 (3)

  • Discovery

    Query Registry, T1012 (2)
    System Information Discovery, T1082 (3)

Tasks