General

  • Target

    a9d23f36c3684bb6c6215139f9baf1aa016b964bd1b0229c81d4fe728318be81

  • Size

    188KB

  • Sample

    221128-kwy6msfe5s

  • MD5

    ae34e06cc62db8aa9dc426456d4c9b81

  • SHA1

    388cff1ca9eaf29fff5e78f7ecc13b104117462c

  • SHA256

    a9d23f36c3684bb6c6215139f9baf1aa016b964bd1b0229c81d4fe728318be81

  • SHA512

    2c68c3a2edfb42ef8be6612288d65173d819c20161038f75a1b4653769e7b7488d5a8bb29cea7aa90f8887e9563343b8c114ff860b5a3fd1e4786cb3dbb899a6

  • SSDEEP

    3072:AuqBVLTA8iVUH/XsQMqFr9tXhRcEme9zwLcCgCg+bDK176FsfpJCsO2x4I6:AuqBNTANVAXzr9aWzwLpxg+bCJfn3Q

Malware Config

Targets

    • Target

      a9d23f36c3684bb6c6215139f9baf1aa016b964bd1b0229c81d4fe728318be81

    • Size

      188KB

    • MD5

      ae34e06cc62db8aa9dc426456d4c9b81

    • SHA1

      388cff1ca9eaf29fff5e78f7ecc13b104117462c

    • SHA256

      a9d23f36c3684bb6c6215139f9baf1aa016b964bd1b0229c81d4fe728318be81

    • SHA512

      2c68c3a2edfb42ef8be6612288d65173d819c20161038f75a1b4653769e7b7488d5a8bb29cea7aa90f8887e9563343b8c114ff860b5a3fd1e4786cb3dbb899a6

    • SSDEEP

      3072:AuqBVLTA8iVUH/XsQMqFr9tXhRcEme9zwLcCgCg+bDK176FsfpJCsO2x4I6:AuqBNTANVAXzr9aWzwLpxg+bCJfn3Q

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks