eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448 | Triage

Submit
Reports

Overview

overview

9

Static

static

eba5ec221e...48.exe

windows7-x64

9

eba5ec221e...48.exe

windows10-2004-x64

9

Sharing

General

Target

eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448
Size

207KB
Sample

221123-sz4vasfg4x
MD5

b8b2bd38d344a855534ce9c67ce6b823
SHA1

3ac9d5a05fa79a747bd5c1090135ff1777756f8a
SHA256

eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448
SHA512

dd76ae39a4074768a0d3ba94beab19e38f74b47ead8aae6dceac4dc1de35416db3ce8dabd1b4b4bbbaeb86512a94ed7da7a2b53f5d008b274b489f0fb3393773
SSDEEP

3072:CSr6oqbCV3fNddKpj0jNxpH4DhDxFyefZOnoX7SAqZHTMyk8kafp6d:CSrTqydKpQx989ROnoXZ0k8kypA

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448.exe

Resource

win10v2004-20220812-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448
- Size
  
  207KB
- MD5
  
  b8b2bd38d344a855534ce9c67ce6b823
- SHA1
  
  3ac9d5a05fa79a747bd5c1090135ff1777756f8a
- SHA256
  
  eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448
- SHA512
  
  dd76ae39a4074768a0d3ba94beab19e38f74b47ead8aae6dceac4dc1de35416db3ce8dabd1b4b4bbbaeb86512a94ed7da7a2b53f5d008b274b489f0fb3393773
- SSDEEP
  
  3072:CSr6oqbCV3fNddKpj0jNxpH4DhDxFyefZOnoX7SAqZHTMyk8kafp6d:CSrTqydKpQx989ROnoXZ0k8kypA
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy