General

  • Target

    9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7

  • Size

    158KB

  • Sample

    221127-2weknsef32

  • MD5

    ac47b88b4fe972ae0a79d741657cbc71

  • SHA1

    3b843e1edf13707c526d2be75521049e922c7ec8

  • SHA256

    9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7

  • SHA512

    0bb45fa4711550738b34e49f57fa36d97b6a942ab9b3d2e148a7a17207051c05092ef699c838d4e79e77fa85d5140638b3c8602ebbebcbf7d2879b62d710abde

  • SSDEEP

    3072:ulmi6pW+c4Hb9pDzcxRnMKqQqMR0kRWKgGzm6tvUKJz9mHPDfAFF7Hw:WdaVHhpvcncQqMR5Ul8Rqr4F1Q

Malware Config

Targets

    • Target

      9b0aa9f01850547f40691e965319963bfb0415ebacd83ff55cf29a1efd8d9cf7


    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation

Tasks