General

  • Target

    1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483

  • Size

    261KB

  • Sample

    221125-pyjaescd2s

  • MD5

    a2bbdf8062af242ffefdf2117a6b5062

  • SHA1

    59078f4500033425a3c669acefccd6e4c2bfad13

  • SHA256

    1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483

  • SHA512

    14958c253b0733f8d4dcb4b5dc24aafc2a03fbe27526d36def02e439826bda3ba39570e68caa631356eeb260516398d0b1c57effe672ab6b330bddfae80e1a5e

  • SSDEEP

    3072:Q0TCW2KE3Wc5eJLHy182T7Ot5dBFjxj95AGXIYqYepinFx4MhWXsLLW:QWLE3Wc5U2PyzTYYHFhhWXsm

Malware Config

Targets

    • Target

      1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483

    • Size

      261KB

    • MD5

      a2bbdf8062af242ffefdf2117a6b5062

    • SHA1

      59078f4500033425a3c669acefccd6e4c2bfad13

    • SHA256

      1a52f1e2cc7669ab45b35949668ec991f0b55986c561144eda83427209498483

    • SHA512

      14958c253b0733f8d4dcb4b5dc24aafc2a03fbe27526d36def02e439826bda3ba39570e68caa631356eeb260516398d0b1c57effe672ab6b330bddfae80e1a5e

    • SSDEEP

      3072:Q0TCW2KE3Wc5eJLHy182T7Ot5dBFjxj95AGXIYqYepinFx4MhWXsLLW:QWLE3Wc5U2PyzTYYHFhhWXsm

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks