General
-
Target
1aaee3caabfceecbd5c25caa4a1c3d5d7517f0b5b252d2e59367d1aadb400f61
-
Size
258KB
-
Sample
221126-vcchmshe99
-
MD5
d97d7777cc2dbf94761a741f98562ce1
-
SHA1
f142ed9523eb296f616b15434a72998c22048357
-
SHA256
1aaee3caabfceecbd5c25caa4a1c3d5d7517f0b5b252d2e59367d1aadb400f61
-
SHA512
7a927eaaaf679c26981b9d7190000641a49d11395a2f57c23315a3e12fadc086fad2d67714ac19864eebc3ccbe00fb757432a16cc8e196e435c82de88da4d2eb
-
SSDEEP
3072:awtEktkLPAy4SgHkDD3F+s0lBDN3CgxgjGPOWvn2AYd1IyzSF2f:ttqapHt/J3hxgjmjsDzSof
Malware Config
Targets
-
-
Target
1aaee3caabfceecbd5c25caa4a1c3d5d7517f0b5b252d2e59367d1aadb400f61
-
Size
258KB
-
MD5
d97d7777cc2dbf94761a741f98562ce1
-
SHA1
f142ed9523eb296f616b15434a72998c22048357
-
SHA256
1aaee3caabfceecbd5c25caa4a1c3d5d7517f0b5b252d2e59367d1aadb400f61
-
SHA512
7a927eaaaf679c26981b9d7190000641a49d11395a2f57c23315a3e12fadc086fad2d67714ac19864eebc3ccbe00fb757432a16cc8e196e435c82de88da4d2eb
-
SSDEEP
3072:awtEktkLPAy4SgHkDD3F+s0lBDN3CgxgjGPOWvn2AYd1IyzSF2f:ttqapHt/J3hxgjmjsDzSof
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-