General
-
Target
209d8a6bd9f756ecbb1c00b0908df2e05e097639ab41f1d303fa7c45ccf43a18
-
Size
285KB
-
Sample
221126-zw3w6aea33
-
MD5
258350dbde8a279a5960644d12d0c2e9
-
SHA1
121c868a0fbac044b8a8c536f1cc96da3aeb07e4
-
SHA256
209d8a6bd9f756ecbb1c00b0908df2e05e097639ab41f1d303fa7c45ccf43a18
-
SHA512
c1a75c6e72d43c826908ee9bd97bf37a33308d861451802e034bbafb9c4f780ca9f4102f7edc7aa94e81d66fdf50001bdf3b90ea2874919fd2a8c849d20bf513
-
SSDEEP
3072:HPASepKSylhu/Ix1qcQ7hIx4XodaHt98jItjkZsJNg+WE8bx+2:HdkO0/k1cNPNSjIF9J7W7x
Malware Config
Targets
-
-
Target
209d8a6bd9f756ecbb1c00b0908df2e05e097639ab41f1d303fa7c45ccf43a18
-
Size
285KB
-
MD5
258350dbde8a279a5960644d12d0c2e9
-
SHA1
121c868a0fbac044b8a8c536f1cc96da3aeb07e4
-
SHA256
209d8a6bd9f756ecbb1c00b0908df2e05e097639ab41f1d303fa7c45ccf43a18
-
SHA512
c1a75c6e72d43c826908ee9bd97bf37a33308d861451802e034bbafb9c4f780ca9f4102f7edc7aa94e81d66fdf50001bdf3b90ea2874919fd2a8c849d20bf513
-
SSDEEP
3072:HPASepKSylhu/Ix1qcQ7hIx4XodaHt98jItjkZsJNg+WE8bx+2:HdkO0/k1cNPNSjIF9J7W7x
Score9/10-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-