General
-
Target
9a84ddb7358db1021a2251635df07e7099d84d72c7aa8649f8812e0680c47024
-
Size
185KB
-
Sample
221124-1ngvdsbe78
-
MD5
3d0fc978171bbb5b537042e965c30c30
-
SHA1
53d108a50444881cbf309917285fd4e31ebe6f18
-
SHA256
9a84ddb7358db1021a2251635df07e7099d84d72c7aa8649f8812e0680c47024
-
SHA512
ebcc3ee53fde94d5d66e4d72850db8d49342b2db0af072a5ee32b2ad295a5a3a5cd426275d15463e36e800da4f9266e4976751587c047c5121afd01ba7214780
-
SSDEEP
3072:8OxNvIoIKwIHZ7qUcH9PPGxOeNSOo2hWjFTqx9pV64Fbo9tqUzqgTG:8OHI7AlY1GdG2IjMY4Fbo9Q7
Malware Config
Targets
-
-
Target
9a84ddb7358db1021a2251635df07e7099d84d72c7aa8649f8812e0680c47024
-
Size
185KB
-
MD5
3d0fc978171bbb5b537042e965c30c30
-
SHA1
53d108a50444881cbf309917285fd4e31ebe6f18
-
SHA256
9a84ddb7358db1021a2251635df07e7099d84d72c7aa8649f8812e0680c47024
-
SHA512
ebcc3ee53fde94d5d66e4d72850db8d49342b2db0af072a5ee32b2ad295a5a3a5cd426275d15463e36e800da4f9266e4976751587c047c5121afd01ba7214780
-
SSDEEP
3072:8OxNvIoIKwIHZ7qUcH9PPGxOeNSOo2hWjFTqx9pV64Fbo9tqUzqgTG:8OHI7AlY1GdG2IjMY4Fbo9Q7
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-