General

  • Target

    22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9

  • Size

    204KB

  • Sample

    221128-m3n1csdd3x

  • MD5

    49b03abf04d242aa1ad17a2b1a3c1dbb

  • SHA1

    1bb1117ddb72b6cfce553ed7bcb64f2803501f49

  • SHA256

    22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9

  • SHA512

    76832a4d62c3e8aafdb6cb0b4f7de9ab66a74905077180e8f7dd2c7480d5e58a85cf81a604f71630785c4d675d5725d20721180e801df44b746457d4f1f0b116

  • SSDEEP

    3072:IfB3ShiS5rGTRGfMNzg/60Hby2T5DD7diinCHMH84er3A/uFQ7eeTz14jCv:IZ3ShiwrGTUf4E/xijc8Fr3PFaTz1h

Malware Config

Targets

    • Target

      22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9

    • Size

      204KB

    • MD5

      49b03abf04d242aa1ad17a2b1a3c1dbb

    • SHA1

      1bb1117ddb72b6cfce553ed7bcb64f2803501f49

    • SHA256

      22ea41ee4c63a22ea3a05431e99fe8b450595b7b32373e0f9d617ddfb14f1ce9

    • SHA512

      76832a4d62c3e8aafdb6cb0b4f7de9ab66a74905077180e8f7dd2c7480d5e58a85cf81a604f71630785c4d675d5725d20721180e801df44b746457d4f1f0b116

    • SSDEEP

      3072:IfB3ShiS5rGTRGfMNzg/60Hby2T5DD7diinCHMH84er3A/uFQ7eeTz14jCv:IZ3ShiwrGTUf4E/xijc8Fr3PFaTz1h

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation

                    Tasks