General

  • Target

    209d8a6bd9f756ecbb1c00b0908df2e05e097639ab41f1d303fa7c45ccf43a18

  • Size

    285KB

  • Sample

    221126-zw3w6aea33

  • MD5

    258350dbde8a279a5960644d12d0c2e9

  • SHA1

    121c868a0fbac044b8a8c536f1cc96da3aeb07e4

  • SHA256

    209d8a6bd9f756ecbb1c00b0908df2e05e097639ab41f1d303fa7c45ccf43a18

  • SHA512

    c1a75c6e72d43c826908ee9bd97bf37a33308d861451802e034bbafb9c4f780ca9f4102f7edc7aa94e81d66fdf50001bdf3b90ea2874919fd2a8c849d20bf513

  • SSDEEP

    3072:HPASepKSylhu/Ix1qcQ7hIx4XodaHt98jItjkZsJNg+WE8bx+2:HdkO0/k1cNPNSjIF9J7W7x

Malware Config

Targets

    • Target

      209d8a6bd9f756ecbb1c00b0908df2e05e097639ab41f1d303fa7c45ccf43a18

    • Size

      285KB

    • MD5

      258350dbde8a279a5960644d12d0c2e9

    • SHA1

      121c868a0fbac044b8a8c536f1cc96da3aeb07e4

    • SHA256

      209d8a6bd9f756ecbb1c00b0908df2e05e097639ab41f1d303fa7c45ccf43a18

    • SHA512

      c1a75c6e72d43c826908ee9bd97bf37a33308d861451802e034bbafb9c4f780ca9f4102f7edc7aa94e81d66fdf50001bdf3b90ea2874919fd2a8c849d20bf513

    • SSDEEP

      3072:HPASepKSylhu/Ix1qcQ7hIx4XodaHt98jItjkZsJNg+WE8bx+2:HdkO0/k1cNPNSjIF9J7W7x

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks