General
-
Target
8f8ef3b449352f7379dfa85ec4cb2eb00e4901db3ecc2f68cc81be62f359f898
-
Size
203KB
-
Sample
221124-18n47scg77
-
MD5
c644cf7a01d379255db64b79f5f431d5
-
SHA1
788d4e0891d73b7498f0e2f9bbd132ce6b7935f1
-
SHA256
8f8ef3b449352f7379dfa85ec4cb2eb00e4901db3ecc2f68cc81be62f359f898
-
SHA512
c6794424f482aac8e4e99022ef7873185746700a6c3c1b6a8533bcc67156aadf830ddc6e29b7380efe68afade35571ee19996790403213ffefe6933ac506f071
-
SSDEEP
3072:6zfREw4n3yy83FopwjAmuUxyUJgTO2i5d17b8ThED3cCzfDYGiV4jZqMNRsEf:qRPv8wjA+xyUUi5dhb8ThkMCjdWYvj
Malware Config
Targets
-
-
Target
8f8ef3b449352f7379dfa85ec4cb2eb00e4901db3ecc2f68cc81be62f359f898
-
Size
203KB
-
MD5
c644cf7a01d379255db64b79f5f431d5
-
SHA1
788d4e0891d73b7498f0e2f9bbd132ce6b7935f1
-
SHA256
8f8ef3b449352f7379dfa85ec4cb2eb00e4901db3ecc2f68cc81be62f359f898
-
SHA512
c6794424f482aac8e4e99022ef7873185746700a6c3c1b6a8533bcc67156aadf830ddc6e29b7380efe68afade35571ee19996790403213ffefe6933ac506f071
-
SSDEEP
3072:6zfREw4n3yy83FopwjAmuUxyUJgTO2i5d17b8ThED3cCzfDYGiV4jZqMNRsEf:qRPv8wjA+xyUUi5dhb8ThkMCjdWYvj
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-