General

  • Target

    f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc

  • Size

    276KB

  • Sample

    221127-ry7zwseb57

  • MD5

    49772b743a7f18d91d06a74b1ec68cbe

  • SHA1

    05429aa996033cee44331e4f9aab713a1bc0bf93

  • SHA256

    f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc

  • SHA512

    07309dcd960717f1cf1c875a2e33fb871b1eb41e5981afd502129261b0f9da07a67305ba181aa58327ff8b03a6537abfdb9616344a75e662c821a9a959a6a9dd

  • SSDEEP

    6144:1mGwibP3TQFzQy8VEPpxwW+T+YDGcyNpl/:1mGwibPIky8/T+np

Malware Config

Targets

    • Target

      f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc

    • Size

      276KB

    • MD5

      49772b743a7f18d91d06a74b1ec68cbe

    • SHA1

      05429aa996033cee44331e4f9aab713a1bc0bf93

    • SHA256

      f15e7faee4e957b55af1ea183629d788e43d2c9010999f1e061792f7acc92efc

    • SHA512

      07309dcd960717f1cf1c875a2e33fb871b1eb41e5981afd502129261b0f9da07a67305ba181aa58327ff8b03a6537abfdb9616344a75e662c821a9a959a6a9dd

    • SSDEEP

      6144:1mGwibP3TQFzQy8VEPpxwW+T+YDGcyNpl/:1mGwibPIky8/T+np

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks