General
-
Target
1f9c7b98485c5f1072970ecdd733096b8d4b37891b80ff92a9fa35b6c4018d97
-
Size
205KB
-
Sample
221029-ba19faecg8
-
MD5
00cda7f78f35d0bf0d77ac17d7a52f90
-
SHA1
f1aced357b138d453436dee499693f81e8e3481d
-
SHA256
1f9c7b98485c5f1072970ecdd733096b8d4b37891b80ff92a9fa35b6c4018d97
-
SHA512
58edff2a5f02ed3474e0941cf0558bae0a85f5b540f130a0dd291b274724a3385c746b6e51faa3ce185657467a8fd36fa37de8039c393e832c943cbf7162911d
-
SSDEEP
3072:rdveuZ/l6Gpnxd+6kfDDffffNfffLffffnWz5ExMaj4YZ/5dlQUj0NcfTST+CwuA:FN6G/Ex1kQ/u602L2+CjA
Malware Config
Targets
-
-
Target
1f9c7b98485c5f1072970ecdd733096b8d4b37891b80ff92a9fa35b6c4018d97
-
Size
205KB
-
MD5
00cda7f78f35d0bf0d77ac17d7a52f90
-
SHA1
f1aced357b138d453436dee499693f81e8e3481d
-
SHA256
1f9c7b98485c5f1072970ecdd733096b8d4b37891b80ff92a9fa35b6c4018d97
-
SHA512
58edff2a5f02ed3474e0941cf0558bae0a85f5b540f130a0dd291b274724a3385c746b6e51faa3ce185657467a8fd36fa37de8039c393e832c943cbf7162911d
-
SSDEEP
3072:rdveuZ/l6Gpnxd+6kfDDffffNfffLffffnWz5ExMaj4YZ/5dlQUj0NcfTST+CwuA:FN6G/Ex1kQ/u602L2+CjA
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Deletes itself
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-