General

  • Target

    6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f

  • Size

    269KB

  • Sample

    221126-pgcrbace46

  • MD5

    f6d44ea037d8d0099af3d0d692018989

  • SHA1

    73e44ca497c63af7e71decdf541fa7d1011ac87b

  • SHA256

    6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f

  • SHA512

    afb68ad4510cce5d7abfa472e2404da33f48696406889dc49b9a1581454bd2117dbf6be5135dc4b48a846808e403cffcc5c87c1e7e3fd8689bc87072de16309c

  • SSDEEP

    3072:OKgqsEmsafEycycCo3THg49PHrfIms8j/SN3EZj80/yv5lWww:rwSD1HTImB/Q3EV84

Malware Config

Targets

    • Target

      6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f

    • Size

      269KB

    • MD5

      f6d44ea037d8d0099af3d0d692018989

    • SHA1

      73e44ca497c63af7e71decdf541fa7d1011ac87b

    • SHA256

      6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f

    • SHA512

      afb68ad4510cce5d7abfa472e2404da33f48696406889dc49b9a1581454bd2117dbf6be5135dc4b48a846808e403cffcc5c87c1e7e3fd8689bc87072de16309c

    • SSDEEP

      3072:OKgqsEmsafEycycCo3THg49PHrfIms8j/SN3EZj80/yv5lWww:rwSD1HTImB/Q3EV84

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks