General
-
Target
ae67f53eb1a31bd8e61c2405c6a1634418ce518c565184cd9c9fdcb56c496d0b
-
Size
259KB
-
Sample
221122-wtvafsfh7z
-
MD5
494354224e43d50c26209cbeb7096e75
-
SHA1
7cc6ad32caaed9df42f05ad01b8c15eacbb31f61
-
SHA256
ae67f53eb1a31bd8e61c2405c6a1634418ce518c565184cd9c9fdcb56c496d0b
-
SHA512
56ba88d6e1a41d26d0f6d4ce865b8bd6c6e747c8d954234c576e78e32924796f88f6625d84d29b3dd89d7bb898947ccc53f49aa9eb243efb73e84993084328f2
-
SSDEEP
6144:pXgAUZ0z0l4E/43IB2i8HsI2MM2zxEftvk:pXgAg0zjE/4YBWHsIVktM
Malware Config
Targets
-
-
Target
ae67f53eb1a31bd8e61c2405c6a1634418ce518c565184cd9c9fdcb56c496d0b
-
Size
259KB
-
MD5
494354224e43d50c26209cbeb7096e75
-
SHA1
7cc6ad32caaed9df42f05ad01b8c15eacbb31f61
-
SHA256
ae67f53eb1a31bd8e61c2405c6a1634418ce518c565184cd9c9fdcb56c496d0b
-
SHA512
56ba88d6e1a41d26d0f6d4ce865b8bd6c6e747c8d954234c576e78e32924796f88f6625d84d29b3dd89d7bb898947ccc53f49aa9eb243efb73e84993084328f2
-
SSDEEP
6144:pXgAUZ0z0l4E/43IB2i8HsI2MM2zxEftvk:pXgAg0zjE/4YBWHsIVktM
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-