General

  • Target

    18beeff286bdf571966bbc400e576ba8f4f5829f2ffcc622b40ec40b37380101

  • Size

    192KB

  • Sample

    221126-an59wahc88

  • MD5

    ad27d605816b627b3f41a23c01dca94d

  • SHA1

    0a63f94ee0719bde1fd4fdec568ff32196205a64

  • SHA256

    18beeff286bdf571966bbc400e576ba8f4f5829f2ffcc622b40ec40b37380101

  • SHA512

    415f917f1992fa7d6b270464aa656e4512a7c1e6a7b740e860909ffabb82f15142b0bd46132ffa275b250c02283c51dced2456bd507eae1bd8a1d6bbdfcdb2f1

  • SSDEEP

    3072:0CvMFvK7VnjCuivWezqoBYdDgy/6aW4oy4vjPFtze/laS6fvf1loG43p+0GElJ:1iSZKJzqoBaI4svj/XSsDoG43s0GEL

Malware Config

Targets

    • CryptOne packer

      Detects the CryptOne packer as defined in the NCC blog post.

    • Deletes itself

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 1

Tasks