General
-
Target
375b935c8ee0e9819b4b636fee2b6b5175e7313cf5d5c8d48cb85d66dfd94af8
-
Size
256KB
-
Sample
221125-jx627scf33
-
MD5
ec08ac2c11b145a3726362fad2cf5cdb
-
SHA1
e855a457e9909b779a1788021f0e4f3cf754bc4a
-
SHA256
375b935c8ee0e9819b4b636fee2b6b5175e7313cf5d5c8d48cb85d66dfd94af8
-
SHA512
4968b0356c659f0ce0590fd7d748235a86496d302846fa9e406dfcabf4e036e81afff989e19bad5ea39286806db713c226a06e838dbd4cf6bd0a21289a6cfc66
-
SSDEEP
3072:LWVQPp7D5oz04Xd6aiSsHEAyFvVi/4z3MoqOipOdtoGgOccmFlxFILj2:LxPp7V74tUCV+oqH6J3mFlp
Malware Config
Targets
-
-
Target
375b935c8ee0e9819b4b636fee2b6b5175e7313cf5d5c8d48cb85d66dfd94af8
-
Size
256KB
-
MD5
ec08ac2c11b145a3726362fad2cf5cdb
-
SHA1
e855a457e9909b779a1788021f0e4f3cf754bc4a
-
SHA256
375b935c8ee0e9819b4b636fee2b6b5175e7313cf5d5c8d48cb85d66dfd94af8
-
SHA512
4968b0356c659f0ce0590fd7d748235a86496d302846fa9e406dfcabf4e036e81afff989e19bad5ea39286806db713c226a06e838dbd4cf6bd0a21289a6cfc66
-
SSDEEP
3072:LWVQPp7D5oz04Xd6aiSsHEAyFvVi/4z3MoqOipOdtoGgOccmFlxFILj2:LxPp7V74tUCV+oqH6J3mFlp
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-