General
-
Target
6ba511dfc51a92080512e421935e6d6cdb0e6fe0f5799c3148e43d4d432ab667
-
Size
313KB
-
Sample
221126-pgdcvace47
-
MD5
1f27abc33206679625d3927ecbb3c987
-
SHA1
cbae79d10b9962e577416d962f57ba6d0a2c97e5
-
SHA256
6ba511dfc51a92080512e421935e6d6cdb0e6fe0f5799c3148e43d4d432ab667
-
SHA512
594790132df9cb47274538f4dc00f2490c308f5c3897fa1e926aab0ccea6c43e9a5b3f3b6865b84a8c384d7f4834c8e666b697742439fe908192419338192b78
-
SSDEEP
6144:TimqEZllzHsUh2m3zYwyGpwSNVrjl15RMVpyRyF5:TFJnlzHJB3byIhjRR25
Malware Config
Targets
-
-
Target
6ba511dfc51a92080512e421935e6d6cdb0e6fe0f5799c3148e43d4d432ab667
-
Size
313KB
-
MD5
1f27abc33206679625d3927ecbb3c987
-
SHA1
cbae79d10b9962e577416d962f57ba6d0a2c97e5
-
SHA256
6ba511dfc51a92080512e421935e6d6cdb0e6fe0f5799c3148e43d4d432ab667
-
SHA512
594790132df9cb47274538f4dc00f2490c308f5c3897fa1e926aab0ccea6c43e9a5b3f3b6865b84a8c384d7f4834c8e666b697742439fe908192419338192b78
-
SSDEEP
6144:TimqEZllzHsUh2m3zYwyGpwSNVrjl15RMVpyRyF5:TFJnlzHJB3byIhjRR25
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-