General

  • Target

    da3e4a90730fc87a198eaa4b83c65641f43b0835ba2ff79ddabb2cc5bc794c91

  • Size

    213KB

  • Sample

    221127-kfh5gsgc9w

  • MD5

    f4c943788a058834e5589fb5d6adeaa1

  • SHA1

    45bcee81c82ba663b256976f1a2a328e42f50ca3

  • SHA256

    da3e4a90730fc87a198eaa4b83c65641f43b0835ba2ff79ddabb2cc5bc794c91

  • SHA512

    e24214d25c6bf3b8ebc7eab722ac3e467433e6f10320aa9e68c0110c86c05c37bcd38c7122f8c738565e4f9a83afc745c5eb52511fe02f4f43bc57169631cfc1

  • SSDEEP

    3072:ea9JyHCjnEN5SurHIyyr0H6yL6PrKr/Y6N0j55uw4omPMU0GhSRmV2/:ecUHOENxEtrKr3ejbmMKy

Malware Config

Targets

    • Target

      da3e4a90730fc87a198eaa4b83c65641f43b0835ba2ff79ddabb2cc5bc794c91

    • Size

      213KB

    • MD5

      f4c943788a058834e5589fb5d6adeaa1

    • SHA1

      45bcee81c82ba663b256976f1a2a328e42f50ca3

    • SHA256

      da3e4a90730fc87a198eaa4b83c65641f43b0835ba2ff79ddabb2cc5bc794c91

    • SHA512

      e24214d25c6bf3b8ebc7eab722ac3e467433e6f10320aa9e68c0110c86c05c37bcd38c7122f8c738565e4f9a83afc745c5eb52511fe02f4f43bc57169631cfc1

    • SSDEEP

      3072:ea9JyHCjnEN5SurHIyyr0H6yL6PrKr/Y6N0j55uw4omPMU0GhSRmV2/:ecUHOENxEtrKr3ejbmMKy

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks