General

  • Target

    578fa9ea352f78b1443c817ae43ee968fb6d827b8fbb9dd30fab6e23c8c80744

  • Size

    258KB

  • Sample

    221125-nwskmshe8w

  • MD5

    8316cf2207ab369a8b48615324f4d794

  • SHA1

    e1ce12d761c055692847b5281f9c457f19847d67

  • SHA256

    578fa9ea352f78b1443c817ae43ee968fb6d827b8fbb9dd30fab6e23c8c80744

  • SHA512

    c0f3c27125d947469286c7df30859256054bedd02b0834e14a7dde801064235246a94dd805ca54cc538f0442c7e1b4009ee2fd12b5ad885b3f307ead9901bbfc

  • SSDEEP

    6144:N2c68qqv3gyy6wP2xnK7KlEV7DVKduhqb:N6877y7P2xnIK+lpGuh+

Malware Config

Targets

    • Target

      578fa9ea352f78b1443c817ae43ee968fb6d827b8fbb9dd30fab6e23c8c80744

    • Size

      258KB

    • MD5

      8316cf2207ab369a8b48615324f4d794

    • SHA1

      e1ce12d761c055692847b5281f9c457f19847d67

    • SHA256

      578fa9ea352f78b1443c817ae43ee968fb6d827b8fbb9dd30fab6e23c8c80744

    • SHA512

      c0f3c27125d947469286c7df30859256054bedd02b0834e14a7dde801064235246a94dd805ca54cc538f0442c7e1b4009ee2fd12b5ad885b3f307ead9901bbfc

    • SSDEEP

      6144:N2c68qqv3gyy6wP2xnK7KlEV7DVKduhqb:N6877y7P2xnIK+lpGuh+

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks