General
-
Target
6986f7c0b4b349964e28a6ab32b4377d7758b04a2180869bb68593044e5fc896
-
Size
251KB
-
Sample
221125-jlavmabg33
-
MD5
38c7f468902d08097d4b59d25c1eb902
-
SHA1
36e8f1269677db032ca06880bb1d8a2461aaf915
-
SHA256
6986f7c0b4b349964e28a6ab32b4377d7758b04a2180869bb68593044e5fc896
-
SHA512
e98b669779f2557e1d6d2d4cab7df888dcecfe61b09436d0c80ae1da1babf76d5de922e02dc63bc89e5d75932ddc0de8871d08b1b99d18436b6f841215dca136
-
SSDEEP
3072:U9v30e0Ld3boyhCZtb3GzxFjT40CDBbtYQ+x3yFS/t0Sn2GuroQfBRbD:UuLd3Pzrj8VDBbGQgImlNeoa
Malware Config
Targets
-
-
Target
6986f7c0b4b349964e28a6ab32b4377d7758b04a2180869bb68593044e5fc896
-
Size
251KB
-
MD5
38c7f468902d08097d4b59d25c1eb902
-
SHA1
36e8f1269677db032ca06880bb1d8a2461aaf915
-
SHA256
6986f7c0b4b349964e28a6ab32b4377d7758b04a2180869bb68593044e5fc896
-
SHA512
e98b669779f2557e1d6d2d4cab7df888dcecfe61b09436d0c80ae1da1babf76d5de922e02dc63bc89e5d75932ddc0de8871d08b1b99d18436b6f841215dca136
-
SSDEEP
3072:U9v30e0Ld3boyhCZtb3GzxFjT40CDBbtYQ+x3yFS/t0Sn2GuroQfBRbD:UuLd3Pzrj8VDBbGQgImlNeoa
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-