General

  • Target

    103a5f30217bb4e6e0eb9469d1129ad8b2f10095b37e681c99817f06678e6082

  • Size

    292KB

  • Sample

    221125-mc9jdaab45

  • MD5

    da6befbc930bd34a50de57cdc863bfa1

  • SHA1

    67a534abc079409435546184f5faab06285759bf

  • SHA256

    103a5f30217bb4e6e0eb9469d1129ad8b2f10095b37e681c99817f06678e6082

  • SHA512

    f3031f2ff0971153043afeebc56eb9fc021be3d86fce80f662745b066233b6092165251c7f38773e1b426beea6d3bb86fd0f2732312927c47017f174cadab057

  • SSDEEP

    3072:NZdTTTcoPUQIeWeb6P4TX3IQSoHaZyiE6oIIdAX1O4wqP+KAfG3dMhWXsLdb:LdTPNPkeWeGP4DW3IdG1O0+1e2hWXsx

Malware Config

Targets

    • CryptOne packer

      Detects the CryptOne packer described in the NCC Group blog post.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

    • Collection
    • Command and Control
    • Credential Access
    • Defense Evasion
    • Execution
    • Exfiltration
    • Impact
    • Initial Access
    • Lateral Movement
    • Privilege Escalation