General

  • Target

    e5ff3e34d5090acc41b2c94858c4041ae1afad0ffb953086937275d8e18191ff

  • Size

    161KB

  • Sample

    221126-ngs8mabb27

  • MD5

    0b0b0a9099db9358b938e79608aa7c74

  • SHA1

    58607dbae259e72052ab18973870f60064ecf8c9

  • SHA256

    e5ff3e34d5090acc41b2c94858c4041ae1afad0ffb953086937275d8e18191ff

  • SHA512

    024283bf11878c926d9f1409dffe04023dccaf58d4a14bc042817633fc320985a68be9b53f01e532cc0299ff5f3e011ba5652089ee1b44c085ad18c31ee3d101

  • SSDEEP

    3072:+Xrc5WpSlP0sjkMGyrDJAA4uxeWd7QJamw8BtAhE0YR5xHsj8mRU:+Xm8wjfV56Wd7KazstqeBHso

Malware Config

Targets

    • Target

      e5ff3e34d5090acc41b2c94858c4041ae1afad0ffb953086937275d8e18191ff

    • Size

      161KB

    • MD5

      0b0b0a9099db9358b938e79608aa7c74

    • SHA1

      58607dbae259e72052ab18973870f60064ecf8c9

    • SHA256

      e5ff3e34d5090acc41b2c94858c4041ae1afad0ffb953086937275d8e18191ff

    • SHA512

      024283bf11878c926d9f1409dffe04023dccaf58d4a14bc042817633fc320985a68be9b53f01e532cc0299ff5f3e011ba5652089ee1b44c085ad18c31ee3d101

    • SSDEEP

      3072:+Xrc5WpSlP0sjkMGyrDJAA4uxeWd7QJamw8BtAhE0YR5xHsj8mRU:+Xm8wjfV56Wd7KazstqeBHso

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks