6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f | Triage

Submit
Reports

Overview

overview

9

Static

static

6bcf210bcc...8f.exe

windows7-x64

9

6bcf210bcc...8f.exe

windows10-2004-x64

3

Sharing

General

Target

6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f
Size

269KB
Sample

221126-pgcrbace46
MD5

f6d44ea037d8d0099af3d0d692018989
SHA1

73e44ca497c63af7e71decdf541fa7d1011ac87b
SHA256

6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f
SHA512

afb68ad4510cce5d7abfa472e2404da33f48696406889dc49b9a1581454bd2117dbf6be5135dc4b48a846808e403cffcc5c87c1e7e3fd8689bc87072de16309c
SSDEEP

3072:OKgqsEmsafEycycCo3THg49PHrfIms8j/SN3EZj80/yv5lWww:rwSD1HTImB/Q3EV84

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f.exe

Resource

win7-20221111-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f
- Size
  
  269KB
- MD5
  
  f6d44ea037d8d0099af3d0d692018989
- SHA1
  
  73e44ca497c63af7e71decdf541fa7d1011ac87b
- SHA256
  
  6bcf210bcccd91bd7735e909d190dbbb10cc44ca46d8069d332ccd128bc8908f
- SHA512
  
  afb68ad4510cce5d7abfa472e2404da33f48696406889dc49b9a1581454bd2117dbf6be5135dc4b48a846808e403cffcc5c87c1e7e3fd8689bc87072de16309c
- SSDEEP
  
  3072:OKgqsEmsafEycycCo3THg49PHrfIms8j/SN3EZj80/yv5lWww:rwSD1HTImB/Q3EV84
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

© 2018-2023

Terms | Privacy