General

  • Target

    815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650

  • Size

    184KB

  • Sample

    221126-pbc5wscc62

  • MD5

    8d65c6f7d838d6982e4bd4aa95b61fcb

  • SHA1

    269b82089574b05c8e6e87e6bf913e47976e62d0

  • SHA256

    815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650

  • SHA512

    c25a92a716303e33c405302a52f619065acb1881efeaeaa621c88e4b47122d8b307385766cc0608dc3a3744c4e15d4af6806b16c7f9372358613047db5ef5b40

  • SSDEEP

    3072:JxUHhqoy+93APiDIZJhyirBBK/7Xf8umddy4QvZm3pTF9YvfcTnXAM:Jx5u3mFrBc/7Xf8umdUwZTLYCXL

Malware Config

Targets

    • Target

      815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650

    • Size

      184KB

    • MD5

      8d65c6f7d838d6982e4bd4aa95b61fcb

    • SHA1

      269b82089574b05c8e6e87e6bf913e47976e62d0

    • SHA256

      815034ff8c9402429919a3cfb8fcee61fd1c9d845421ec271140e90d8038b650

    • SHA512

      c25a92a716303e33c405302a52f619065acb1881efeaeaa621c88e4b47122d8b307385766cc0608dc3a3744c4e15d4af6806b16c7f9372358613047db5ef5b40

    • SSDEEP

      3072:JxUHhqoy+93APiDIZJhyirBBK/7Xf8umddy4QvZm3pTF9YvfcTnXAM:Jx5u3mFrBc/7Xf8umdUwZTLYCXL

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks