General

  • Target

    01444f7fd7509238af9fd25701a637c0N.exe

  • Size

    212KB

  • Sample

    240814-b42r3aygql

  • MD5

    01444f7fd7509238af9fd25701a637c0

  • SHA1

    cb7a1af7e521ce4cf52b8aaa65eb41699ac3f625

  • SHA256

    75ab84d8d776893a46882e039caa1828633a395419d2040a009985202b2016e7

  • SHA512

    37653a7d746221dedb185ce912f346159d52d791da46a7e46f1b5464635c02d362fb051aac50ace3df2c1b93b41ca6487c0e44f77509c62b28b3075c484414e6

  • SSDEEP

    3072:pVMZEBUvx7CiTS+kA7lJ1Gn7UgHlpyzPm3KnCPjhQutOUzR+aP/wv+9CkdB5SX9W:3MZWSx7yApJ4Qz9nK9ld+anwA/uX9W
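Before pivoting on this report, confirm that the file in hand is the same object the sandbox analysed. The following is an added example (not part of the sandbox report) that recomputes the four digests listed above with Python's standard hashlib and compares them with the reported values; the SSDEEP fuzzy hash is left out because it needs a third-party binding (ppdeep or pyssdeep). The sample itself is not available here, so the demonstration data is constructed.

```python
import hashlib

# Digests exactly as listed in the report above.
REPORTED = {
    "md5": "01444f7fd7509238af9fd25701a637c0",
    "sha1": "cb7a1af7e521ce4cf52b8aaa65eb41699ac3f625",
    "sha256": "75ab84d8d776893a46882e039caa1828633a395419d2040a009985202b2016e7",
    "sha512": (
        "37653a7d746221dedb185ce912f346159d52d791da46a7e46f1b5464635c02d3"
        "62fb051aac50ace3df2c1b93b41ca6487c0e44f77509c62b28b3075c484414e6"
    ),
}


def hash_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as hash_bytes but streams a file so large samples do not need to fit in RAM."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict = REPORTED) -> dict:
    """Per-algorithm match. Case-insensitive, since hashes are often pasted in upper case."""
    return {name: actual[name].lower() == expected[name].lower() for name in expected}


def is_reported_sample(data: bytes) -> bool:
    """True only if every listed digest matches.

    MD5 and SHA-1 are collision-prone and should not be trusted on their own;
    requiring all four (in particular SHA-256) closes that gap.
    """
    return all(compare(hash_bytes(data)).values())


if __name__ == "__main__":
    # Constructed input: obviously not the sample, so every digest should mismatch.
    for name, ok in compare(hash_bytes(b"constructed stand-in bytes")).items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
```

Run `hash_file("/path/to/01444f7fd7509238af9fd25701a637c0N.exe")` against a local copy and feed the result to `compare()`; a mismatch on any algorithm means the sandbox verdict does not apply to the file you have, however similar the name.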

Malware Config

Targets

    • Target

      01444f7fd7509238af9fd25701a637c0N.exe

    • Size

      212KB

    • MD5

      01444f7fd7509238af9fd25701a637c0

    • SHA1

      cb7a1af7e521ce4cf52b8aaa65eb41699ac3f625

    • SHA256

      75ab84d8d776893a46882e039caa1828633a395419d2040a009985202b2016e7

    • SHA512

      37653a7d746221dedb185ce912f346159d52d791da46a7e46f1b5464635c02d362fb051aac50ace3df2c1b93b41ca6487c0e44f77509c62b28b3075c484414e6

    • SSDEEP

      3072:pVMZEBUvx7CiTS+kA7lJ1Gn7UgHlpyzPm3KnCPjhQutOUzR+aP/wv+9CkdB5SX9W:3MZWSx7yApJ4Qz9nK9ld+anwA/uX9W

    • CryptOne packer

      Detects the CryptOne packer as described in the NCC Group blog post.

    • Adds Run key to start application

      Writes a value under a Run registry key so that the application is launched again at user logon (persistence).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

      Calls SetThreadContext to rewrite another thread's register state, an API commonly abused for code injection (for example process hollowing). The report flags the call only; it does not name the injection technique.
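The persistence signature above is the behaviour most worth hunting for on other hosts. The following is an added example, not part of the sandbox report, showing detection logic for Run-key writes over Sysmon Event ID 13 (RegistryEvent SetValue) records. The event records are constructed for the demonstration: the report does not state which hive, value name or install path the sample used, so those are assumptions, and the Sysmon hive prefixes (HKLM, HKU\<SID>) follow Sysmon's own naming rather than the HKEY_* form.

```python
import re
from dataclasses import dataclass

# Run-family autostart keys. Sysmon writes the hive as HKLM / HKU\<SID>, so we
# anchor on the tail of the path instead of the hive name.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)\\([^\\]+)$",
    re.IGNORECASE,
)


@dataclass
class Alert:
    image: str       # process that wrote the value
    key: str         # which Run-family key (Run, RunOnce, ...)
    value_name: str  # value written under that key
    command: str     # command line stored in the value


def detect_run_key_writes(events):
    """Return one Alert per Sysmon Event ID 13 record that writes a Run-family value.

    Key-creation events (ID 12) and writes elsewhere under CurrentVersion
    (e.g. Explorer\\RunMRU, which merely contains the substring 'Run') are ignored.
    """
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        match = RUN_KEY_RE.search(ev.get("TargetObject", ""))
        if not match:
            continue
        alerts.append(Alert(
            image=ev.get("Image", ""),
            key=match.group(1),
            value_name=match.group(2),
            command=ev.get("Details", ""),
        ))
    return alerts


# Constructed Sysmon records (assumed paths and value names, not taken from the report).
SAMPLE_PATH = r"C:\Users\admin\AppData\Local\Temp\01444f7fd7509238af9fd25701a637c0N.exe"
SID = r"S-1-5-21-1111111111-2222222222-3333333333-1001"

SAMPLE_EVENTS = [
    {   # the sample persisting itself under the user's Run key: should alert
        "EventID": 13, "Image": SAMPLE_PATH,
        "TargetObject": r"HKU\%s\Software\Microsoft\Windows\CurrentVersion\Run\Updater" % SID,
        "Details": SAMPLE_PATH,
    },
    {   # Explorer's RunMRU history: contains 'Run' but is not an autostart key
        "EventID": 13, "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\%s\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a" % SID,
        "Details": "cmd",
    },
    {   # key creation, not a value write: ignored even though the path is a Run key
        "EventID": 12, "Image": SAMPLE_PATH,
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        "Details": "",
    },
    {   # a 32-bit installer's one-shot RunOnce entry: also reported, for the analyst to triage
        "EventID": 13, "Image": r"C:\Windows\SysWOW64\msiexec.exe",
        "TargetObject": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\cleanup",
        "Details": r"C:\Windows\SysWOW64\msiexec.exe /x {...}",
    },
]

if __name__ == "__main__":
    for a in detect_run_key_writes(SAMPLE_EVENTS):
        print(f"{a.key:8s} {a.value_name:12s} by {a.image} -> {a.command}")
```

The rule deliberately reports every Run-family write, including legitimate installers, and leaves the filtering to the analyst: a value whose command points into a user-writable directory such as AppData\Local\Temp, as in the first record, is the case that matches this report's signature.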

MITRE ATT&CK Enterprise v15

Tasks