General

  • Target

    e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38

  • Size

    173KB

  • Sample

    221127-r3tm3aed93

  • MD5

    17ea31f59b12985dcb26f6ae6fbed7fb

  • SHA1

    532f83e0a93f8af368da32d08d54b6452e13c107

  • SHA256

    e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38

  • SHA512

    1a4273c8376c4cc7dd2f0eeb97098fe8bf1451eab9de6bbf62d73881885dcda69bb25617543e98cf865414efa00307877cca60b3da698fee7788d94d14f947b9

  • SSDEEP

    3072:3+Fv3GLUtN3kO4AyEymgAeB86rbmkDC8Z0kdBLcqMpWm:3svWQtN3sDi6rbmtq06L9I

Malware Config

Targets

    • Target

      e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38

    • Size

      173KB

    • MD5

      17ea31f59b12985dcb26f6ae6fbed7fb

    • SHA1

      532f83e0a93f8af368da32d08d54b6452e13c107

    • SHA256

      e5b5062e453eccd7e46e5884f6f10a26c0214d8d032631b542009d06b84cfb38

    • SHA512

      1a4273c8376c4cc7dd2f0eeb97098fe8bf1451eab9de6bbf62d73881885dcda69bb25617543e98cf865414efa00307877cca60b3da698fee7788d94d14f947b9

    • SSDEEP

      3072:3+Fv3GLUtN3kO4AyEymgAeB86rbmkDC8Z0kdBLcqMpWm:3svWQtN3sDi6rbmtq06L9I

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks