General

  • Target

    1aaee3caabfceecbd5c25caa4a1c3d5d7517f0b5b252d2e59367d1aadb400f61

  • Size

    258KB

  • Sample

    221126-vcchmshe99

  • MD5

    d97d7777cc2dbf94761a741f98562ce1

  • SHA1

    f142ed9523eb296f616b15434a72998c22048357

  • SHA256

    1aaee3caabfceecbd5c25caa4a1c3d5d7517f0b5b252d2e59367d1aadb400f61

  • SHA512

    7a927eaaaf679c26981b9d7190000641a49d11395a2f57c23315a3e12fadc086fad2d67714ac19864eebc3ccbe00fb757432a16cc8e196e435c82de88da4d2eb

  • SSDEEP

    3072:awtEktkLPAy4SgHkDD3F+s0lBDN3CgxgjGPOWvn2AYd1IyzSF2f:ttqapHt/J3hxgjmjsDzSof

Malware Config

Targets

    • Target

      1aaee3caabfceecbd5c25caa4a1c3d5d7517f0b5b252d2e59367d1aadb400f61

    • Size

      258KB

    • MD5

      d97d7777cc2dbf94761a741f98562ce1

    • SHA1

      f142ed9523eb296f616b15434a72998c22048357

    • SHA256

      1aaee3caabfceecbd5c25caa4a1c3d5d7517f0b5b252d2e59367d1aadb400f61

    • SHA512

      7a927eaaaf679c26981b9d7190000641a49d11395a2f57c23315a3e12fadc086fad2d67714ac19864eebc3ccbe00fb757432a16cc8e196e435c82de88da4d2eb

    • SSDEEP

      3072:awtEktkLPAy4SgHkDD3F+s0lBDN3CgxgjGPOWvn2AYd1IyzSF2f:ttqapHt/J3hxgjmjsDzSof

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks