General
-
Target
e5ff3e34d5090acc41b2c94858c4041ae1afad0ffb953086937275d8e18191ff
-
Size
161KB
-
Sample
221126-ngs8mabb27
-
MD5
0b0b0a9099db9358b938e79608aa7c74
-
SHA1
58607dbae259e72052ab18973870f60064ecf8c9
-
SHA256
e5ff3e34d5090acc41b2c94858c4041ae1afad0ffb953086937275d8e18191ff
-
SHA512
024283bf11878c926d9f1409dffe04023dccaf58d4a14bc042817633fc320985a68be9b53f01e532cc0299ff5f3e011ba5652089ee1b44c085ad18c31ee3d101
-
SSDEEP
3072:+Xrc5WpSlP0sjkMGyrDJAA4uxeWd7QJamw8BtAhE0YR5xHsj8mRU:+Xm8wjfV56Wd7KazstqeBHso
Malware Config
Targets
-
-
Target
e5ff3e34d5090acc41b2c94858c4041ae1afad0ffb953086937275d8e18191ff
-
Size
161KB
-
MD5
0b0b0a9099db9358b938e79608aa7c74
-
SHA1
58607dbae259e72052ab18973870f60064ecf8c9
-
SHA256
e5ff3e34d5090acc41b2c94858c4041ae1afad0ffb953086937275d8e18191ff
-
SHA512
024283bf11878c926d9f1409dffe04023dccaf58d4a14bc042817633fc320985a68be9b53f01e532cc0299ff5f3e011ba5652089ee1b44c085ad18c31ee3d101
-
SSDEEP
3072:+Xrc5WpSlP0sjkMGyrDJAA4uxeWd7QJamw8BtAhE0YR5xHsj8mRU:+Xm8wjfV56Wd7KazstqeBHso
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-