08a62815eabccc8dbc7babe0dfabcae9cb37a20f66373ca0bb7254c7e6c6f1bb

Sharing

Copy URL

Twitter E-mail

General

Target

08a62815eabccc8dbc7babe0dfabcae9cb37a20f66373ca0bb7254c7e6c6f1bb
Size

1.8MB
MD5

87dd6a06cba3e35bc4d3584a78e418ad
SHA1

c9b25177db2f6eaddb4b028a9284b4fb5c3ffcd0
SHA256

08a62815eabccc8dbc7babe0dfabcae9cb37a20f66373ca0bb7254c7e6c6f1bb
SHA512

70db262c8c9886f6608e95e775f9ab340bc1aefc15dbcccf2e751ee0d5ed0ef60f71f6de9ed9fd50c649ebd6c2c1cfe9b668c2522df5216855150b8c9c8779bf
SSDEEP

49152:jmz/qUEGpeNQdBtOem4wwFZHBDPWRj+F27YL9IHUYSh:jm/EG4NEOem4ww3yY27yYSh

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
sample	cryptone

Files

08a62815eabccc8dbc7babe0dfabcae9cb37a20f66373ca0bb7254c7e6c6f1bb
.exe windows x64

ca254917d0c687a5ca96852cf1381774

Code Sign

db:6f:e0:46:f1:19:82:0a:e2:68:e5:73:6b:ab:90:27
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17-11-2020 00:00

Not After

17-11-2021 23:59

Subject

CN=KOMPLEKS BUD TECH SP Z O O,O=KOMPLEKS BUD TECH SP Z O O,POSTALCODE=53-345,STREET=Ul. Komandorska 51-1,L=Wroclaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c3:49:e7:75:49:b3:36:b9:07:a4:ec:34:77:1f:bd:75:50:65:70:af
Signer

Actual PE Digest

c3:49:e7:75:49:b3:36:b9:07:a4:ec:34:77:1f:bd:75:50:65:70:af

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=KOMPLEKS BUD TECH SP Z O O,O=KOMPLEKS BUD TECH SP Z O O,POSTALCODE=53-345,STREET=Ul. Komandorska 51-1,L=Wroclaw,C=PL

20-01-2023 16:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleHandleA

user32

ShowCaret
GetLastActivePopup
LoadIconA
GetForegroundWindow
GetDesktopWindow

advapi32

RegQueryValueExW
RegOpenKeyW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data2
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca254917d0c687a5ca96852cf1381774

Code Sign

db:6f:e0:46:f1:19:82:0a:e2:68:e5:73:6b:ab:90:27Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

c3:49:e7:75:49:b3:36:b9:07:a4:ec:34:77:1f:bd:75:50:65:70:afSigner

Signature Validations

Verification

20-01-2023 16:03 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1024B - Virtual size: 632B

.data Size: 512B - Virtual size: 944B

.pdata Size: 512B - Virtual size: 144B

.data2 Size: 512B - Virtual size: 100B

.rsrc Size: 37KB - Virtual size: 37KB

db:6f:e0:46:f1:19:82:0a:e2:68:e5:73:6b:ab:90:27
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

c3:49:e7:75:49:b3:36:b9:07:a4:ec:34:77:1f:bd:75:50:65:70:af
Signer

20-01-2023 16:03
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1024B - Virtual size: 632B

.data
Size: 512B - Virtual size: 944B

.pdata
Size: 512B - Virtual size: 144B

.data2
Size: 512B - Virtual size: 100B

.rsrc
Size: 37KB - Virtual size: 37KB