50b9bde58ee2fe84c0eb294d34a1d1edc59599b28e96c68899fa5740ddf01bc6 | Triage

Submit
Reports

Overview

overview

9

Static

static

50b9bde58e...c6.exe

windows7-x64

9

50b9bde58e...c6.exe

windows10-2004-x64

9

Sharing

General

Target

50b9bde58ee2fe84c0eb294d34a1d1edc59599b28e96c68899fa5740ddf01bc6
Size

268KB
Sample

221125-jrz2psfg2w
MD5

d67e0f167fb21754e2e69b19384b90b1
SHA1

26224604e69fffb909d181e2c84de2b2a86fb0d5
SHA256

50b9bde58ee2fe84c0eb294d34a1d1edc59599b28e96c68899fa5740ddf01bc6
SHA512

20fe8607f97d3048a20fb1457e8519ab69cad5e6e0ada6d70dd3adb17ff9879d705e35d3d6af17b07e239e7520d20ea64065038b9f312c0a31d75550172ff9fa
SSDEEP

3072:iHW61cbgmFB8gY5ssayBzWReDfTkUQ1hrso/0y2+XtpclxFILjW:iHW8cbgmj895zWRefkJHr6z+wlJ

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

50b9bde58ee2fe84c0eb294d34a1d1edc59599b28e96c68899fa5740ddf01bc6.exe

Resource

win7-20220901-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

50b9bde58ee2fe84c0eb294d34a1d1edc59599b28e96c68899fa5740ddf01bc6.exe

Resource

win10v2004-20221111-en

cryptone packer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  50b9bde58ee2fe84c0eb294d34a1d1edc59599b28e96c68899fa5740ddf01bc6
- Size
  
  268KB
- MD5
  
  d67e0f167fb21754e2e69b19384b90b1
- SHA1
  
  26224604e69fffb909d181e2c84de2b2a86fb0d5
- SHA256
  
  50b9bde58ee2fe84c0eb294d34a1d1edc59599b28e96c68899fa5740ddf01bc6
- SHA512
  
  20fe8607f97d3048a20fb1457e8519ab69cad5e6e0ada6d70dd3adb17ff9879d705e35d3d6af17b07e239e7520d20ea64065038b9f312c0a31d75550172ff9fa
- SSDEEP
  
  3072:iHW61cbgmFB8gY5ssayBzWReDfTkUQ1hrso/0y2+XtpclxFILjW:iHW8cbgmj895zWRefkJHr6z+wlJ
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

cryptonepackerpersistence

© 2018-2024

Terms | Privacy