General

  • Target

    0ff9140d942e3a19c7dcb70958d8a72b98a1549578e9fb91ae159398ff750446

  • Size

    267KB

  • Sample

    221126-y9abbscc48

  • MD5

    9d9aac18c62290539c705bc16a7461ec

  • SHA1

    f92486488122b019162c7d4e6c867304997f464c

  • SHA256

    0ff9140d942e3a19c7dcb70958d8a72b98a1549578e9fb91ae159398ff750446

  • SHA512

    66216aec72d73f47f29e069884c2cbde67c086f567cbd9d636d26f8a733fe41c7b8fe9624767c8553def76a817e2411b1f9244166481a3442b65aa78a0de8a29

  • SSDEEP

    6144:2LIIUuWWBC6c5V4GS1Xl6aXqb1E/21w0kIerV:GIIUbWm471Xs5EWw0Veh

Malware Config

Targets

    • Target

      0ff9140d942e3a19c7dcb70958d8a72b98a1549578e9fb91ae159398ff750446

    • Size

      267KB

    • MD5

      9d9aac18c62290539c705bc16a7461ec

    • SHA1

      f92486488122b019162c7d4e6c867304997f464c

    • SHA256

      0ff9140d942e3a19c7dcb70958d8a72b98a1549578e9fb91ae159398ff750446

    • SHA512

      66216aec72d73f47f29e069884c2cbde67c086f567cbd9d636d26f8a733fe41c7b8fe9624767c8553def76a817e2411b1f9244166481a3442b65aa78a0de8a29

    • SSDEEP

      6144:2LIIUuWWBC6c5V4GS1Xl6aXqb1E/21w0kIerV:GIIUbWm471Xs5EWw0Veh

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks