Overview

overview

9

Static

static

eba5ec221e...48.exe

windows7-x64

9

eba5ec221e...48.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448

  • Size

    207KB

  • Sample

    221123-sz4vasfg4x

  • MD5

    b8b2bd38d344a855534ce9c67ce6b823

  • SHA1

    3ac9d5a05fa79a747bd5c1090135ff1777756f8a

  • SHA256

    eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448

  • SHA512

    dd76ae39a4074768a0d3ba94beab19e38f74b47ead8aae6dceac4dc1de35416db3ce8dabd1b4b4bbbaeb86512a94ed7da7a2b53f5d008b274b489f0fb3393773

  • SSDEEP

    3072:CSr6oqbCV3fNddKpj0jNxpH4DhDxFyefZOnoX7SAqZHTMyk8kafp6d:CSrTqydKpQx989ROnoXZ0k8kypA

Score
9/10
cryptonepackerpersistence

Malware Config

Targets

    • Target

      eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448

    • Size

      207KB

    • MD5

      b8b2bd38d344a855534ce9c67ce6b823

    • SHA1

      3ac9d5a05fa79a747bd5c1090135ff1777756f8a

    • SHA256

      eba5ec221eb35337956eeacc73edb062c218903e329901d3ccbb55cd0f6c9448

    • SHA512

      dd76ae39a4074768a0d3ba94beab19e38f74b47ead8aae6dceac4dc1de35416db3ce8dabd1b4b4bbbaeb86512a94ed7da7a2b53f5d008b274b489f0fb3393773

    • SSDEEP

      3072:CSr6oqbCV3fNddKpj0jNxpH4DhDxFyefZOnoX7SAqZHTMyk8kafp6d:CSrTqydKpQx989ROnoXZ0k8kypA

    Score
    9/10
    cryptonepackerpersistence

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

      cryptonepacker

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks