dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb | Triage

Submit
Reports

Overview

overview

9

Static

static

9

dbea63a528...eb.exe

windows7-x64

9

dbea63a528...eb.exe

windows10-2004-x64

9

Sharing

General

Target

dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb.exe
Size

22.7MB
Sample

240308-c4qv8sec4w
MD5

bfc65ce21e22544286826e26a5ec45ef
SHA1

e27dc55c11a9b10ca3966f1f7fec14e064c7d717
SHA256

dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb
SHA512

9866b4573795264972abf7c31f7056cdc17edc4c249fba487a0c583866991cc168ecb2e8e95c6ed2bb3f9e31bd4f485ae7264e7d555dcccf573417b1b50fc7b3
SSDEEP

393216:4CniWcrE+N29tz2cDhctoqfv42GhoxAq8kZ/Pnin2um6h/rhg03X1nqW4A0ySQyG:fniWc4+N8tkv42GhoxAcs/rhtXdN4wp

Score

9^/10

cryptone discovery evasion packer trojan

Static task

static1

cryptone packer

1 signatures

Behavioral task

behavioral1

Sample

dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb.exe

Resource

win7-20240221-en

cryptone discovery evasion packer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb.exe

Resource

win10v2004-20240226-en

cryptone discovery evasion packer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb.exe
- Size
  
  22.7MB
- MD5
  
  bfc65ce21e22544286826e26a5ec45ef
- SHA1
  
  e27dc55c11a9b10ca3966f1f7fec14e064c7d717
- SHA256
  
  dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb
- SHA512
  
  9866b4573795264972abf7c31f7056cdc17edc4c249fba487a0c583866991cc168ecb2e8e95c6ed2bb3f9e31bd4f485ae7264e7d555dcccf573417b1b50fc7b3
- SSDEEP
  
  393216:4CniWcrE+N29tz2cDhctoqfv42GhoxAq8kZ/Pnin2um6h/rhg03X1nqW4A0ySQyG:fniWc4+N8tkv42GhoxAcs/rhtXdN4wp
Score

9^/10

cryptone discovery evasion packer trojan
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cryptonediscoveryevasionpackertrojan

behavioral2

cryptonediscoveryevasionpackertrojan

© 2018-2024

Terms | Privacy