b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c | Triage

Submit
Reports

Overview

overview

9

Static

static

b477b591e9...5c.exe

windows7-x64

9

b477b591e9...5c.exe

windows10-2004-x64

3

Sharing

General

Target

b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c
Size

253KB
Sample

221127-p68v2shf55
MD5

6f02982b41e04cbc36fb63774da221ae
SHA1

8a011b383e42e6c71800c6fac13b85c00a0e5640
SHA256

b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c
SHA512

4eee994bd8f28180a2ceeffe939a2f99dbb2c2e70192f7128f83bace85b6c9e78cc048f88be3afeecd2d71f4d7e4eb8ab505df02a65292d43bfcaf00b9f07b52
SSDEEP

6144:aLBKpsNzAOR36nd5vr5dRBa0HzM04w4Ad:aNWshD3UXz5dPzM04w4Ad

Score

9^/10

cryptone packer persistence

Static task

static1

Behavioral task

behavioral1

Sample

b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c.exe

Resource

win7-20220812-en

cryptone packer persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c
- Size
  
  253KB
- MD5
  
  6f02982b41e04cbc36fb63774da221ae
- SHA1
  
  8a011b383e42e6c71800c6fac13b85c00a0e5640
- SHA256
  
  b477b591e97b9baf766bc3d7c14d0c1e51f604b07c55ab3585c5800830769f5c
- SHA512
  
  4eee994bd8f28180a2ceeffe939a2f99dbb2c2e70192f7128f83bace85b6c9e78cc048f88be3afeecd2d71f4d7e4eb8ab505df02a65292d43bfcaf00b9f07b52
- SSDEEP
  
  6144:aLBKpsNzAOR36nd5vr5dRBa0HzM04w4Ad:aNWshD3UXz5dPzM04w4Ad
Score

9^/10

cryptone packer persistence
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Deletes itself
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cryptonepackerpersistence

behavioral2

© 2018-2024

Terms | Privacy