General
-
Target
103a5f30217bb4e6e0eb9469d1129ad8b2f10095b37e681c99817f06678e6082
-
Size
292KB
-
Sample
221125-mc9jdaab45
-
MD5
da6befbc930bd34a50de57cdc863bfa1
-
SHA1
67a534abc079409435546184f5faab06285759bf
-
SHA256
103a5f30217bb4e6e0eb9469d1129ad8b2f10095b37e681c99817f06678e6082
-
SHA512
f3031f2ff0971153043afeebc56eb9fc021be3d86fce80f662745b066233b6092165251c7f38773e1b426beea6d3bb86fd0f2732312927c47017f174cadab057
-
SSDEEP
3072:NZdTTTcoPUQIeWeb6P4TX3IQSoHaZyiE6oIIdAX1O4wqP+KAfG3dMhWXsLdb:LdTPNPkeWeGP4DW3IdG1O0+1e2hWXsx
Malware Config
Targets
-
-
Target
103a5f30217bb4e6e0eb9469d1129ad8b2f10095b37e681c99817f06678e6082
-
Size
292KB
-
MD5
da6befbc930bd34a50de57cdc863bfa1
-
SHA1
67a534abc079409435546184f5faab06285759bf
-
SHA256
103a5f30217bb4e6e0eb9469d1129ad8b2f10095b37e681c99817f06678e6082
-
SHA512
f3031f2ff0971153043afeebc56eb9fc021be3d86fce80f662745b066233b6092165251c7f38773e1b426beea6d3bb86fd0f2732312927c47017f174cadab057
-
SSDEEP
3072:NZdTTTcoPUQIeWeb6P4TX3IQSoHaZyiE6oIIdAX1O4wqP+KAfG3dMhWXsLdb:LdTPNPkeWeGP4DW3IdG1O0+1e2hWXsx
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-