General

  • Target

    b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c

  • Size

    253KB

  • Sample

    221127-p68v2shf55

  • MD5

    6f02982b41e04cbc36fb63774da221ae

  • SHA1

    8a011b383e42e6c71800c6fac13b85c00a0e5640

  • SHA256

    b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c

  • SHA512

    4eee994bd8f28180a2ceeffe939a2f99dbb2c2e70192f7128f83bace85b6c9e78cc048f88be3afeecd2d71f4d7e4eb8ab505df02a65292d43bfcaf00b9f07b52

  • SSDEEP

    6144:aLBKpsNzAOR36nd5vr5dRBa0HzM04w4Ad:aNWshD3UXz5dPzM04w4Ad

Malware Config

Targets

    • Target

      b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c

    • Size

      253KB

    • MD5

      6f02982b41e04cbc36fb63774da221ae

    • SHA1

      8a011b383e42e6c71800c6fac13b85c00a0e5640

    • SHA256

      b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c

    • SHA512

      4eee994bd8f28180a2ceeffe939a2f99dbb2c2e70192f7128f83bace85b6c9e78cc048f88be3afeecd2d71f4d7e4eb8ab505df02a65292d43bfcaf00b9f07b52

    • SSDEEP

      6144:aLBKpsNzAOR36nd5vr5dRBa0HzM04w4Ad:aNWshD3UXz5dPzM04w4Ad

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Deletes itself

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks