General

  • Target

    6ba511dfc51a92080512e421935e6d6cdb0e6fe0f5799c3148e43d4d432ab667

  • Size

    313KB

  • Sample

    221126-pgdcvace47

  • MD5

    1f27abc33206679625d3927ecbb3c987

  • SHA1

    cbae79d10b9962e577416d962f57ba6d0a2c97e5

  • SHA256

    6ba511dfc51a92080512e421935e6d6cdb0e6fe0f5799c3148e43d4d432ab667

  • SHA512

    594790132df9cb47274538f4dc00f2490c308f5c3897fa1e926aab0ccea6c43e9a5b3f3b6865b84a8c384d7f4834c8e666b697742439fe908192419338192b78

  • SSDEEP

    6144:TimqEZllzHsUh2m3zYwyGpwSNVrjl15RMVpyRyF5:TFJnlzHJB3byIhjRR25

Malware Config

Targets

  • CryptOne packer

    Detects the CryptOne packer defined in the NCC blogpost.

  • Adds Run key to start application

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation

Tasks