General

  • Target

    cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc

  • Size

    194KB

  • Sample

    221126-npx7jsbd93

  • MD5

    e8c177492ba74f3b148d1570ea64791f

  • SHA1

    98f36136d0bb706d278e1c55b32d55da1e9fd545

  • SHA256

    cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc

  • SHA512

    a6823805b44c8899e68e6621c2544e25e83ae71fca62119c1bffb2b1660b856ff753f1bf7db71072d5e243398c7ab6eac01178659183450896d375b4db60a6b2

  • SSDEEP

    3072:WXNHCcK/d57cZ0gucmIBHqI6QHEt9JVVtA3+kM8tfPTY1kzd4blnHl8SMWRxFeGA:z7xguAKXry3jdfPTykp4dl3RH/A

Malware Config

Targets

    • Target

      cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc

    • Size

      194KB

    • MD5

      e8c177492ba74f3b148d1570ea64791f

    • SHA1

      98f36136d0bb706d278e1c55b32d55da1e9fd545

    • SHA256

      cbd655138d3da558de8b669db11373cc8e81ccb2004a8676ac44de559efe1acc

    • SHA512

      a6823805b44c8899e68e6621c2544e25e83ae71fca62119c1bffb2b1660b856ff753f1bf7db71072d5e243398c7ab6eac01178659183450896d375b4db60a6b2

    • SSDEEP

      3072:WXNHCcK/d57cZ0gucmIBHqI6QHEt9JVVtA3+kM8tfPTY1kzd4blnHl8SMWRxFeGA:z7xguAKXry3jdfPTykp4dl3RH/A

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks