Overview

overview

9

Static

static

3

Device/Har...id.exe

windows7-x64

9

Device/Har...id.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RxvUgid.exe

  • Size

    165KB

  • Sample

    250327-fpgwkazlt4

  • MD5

    5c4a0882e7c63fcd5b468de0ea4f26c9

  • SHA1

    cf86bc53c1187c5a99fec6a8197a82b3b66d1a5e

  • SHA256

    3617d444e42fa974e1d19b92734c61ee39cc4f9b87063c8a05285080675b0eb5

  • SHA512

    290bef9454a66dd05826d695582b83fcc2ecb3dd2d631836082a09111d7a22ca7766b7332bdc03856aa8352dc3ab045fd5473252f3c1819b9970e08f6faca6f0

  • SSDEEP

    3072:TM69jyljdHohqtw1TQisgado28E1IZ/OYZNpyd80uPsDfUTTag8AGvjVoe9ljzP:gZPHohqt5isgadE227M80ffYTBuowlPP

Score
9/10
cryptonediscoverypackerpersistence

Malware Config

Targets

    • Target

      Device/HarddiskVolume3/Users/cijythomas/AppData/Local/Temp/VGnVC/RxvUgid.exe

    • Size

      331KB

    • MD5

      4070c1b2f119349afed9083deb6227cb

    • SHA1

      df2fa904a5c7ac697acbc26f4b14825593c4e38c

    • SHA256

      a61f108406734cdba760fd0f7e366fde2c5746bdbedd69ac16aa4553f3e09938

    • SHA512

      f9de3fe0f0df7f5e601f0245a5f37c0f312755e0256423df97f1b89daeca032bdad35c6fbd430e2c4be56a0ec29202bd2a7e4171fbf7abf6b29308258c10325d

    • SSDEEP

      6144:hhrZyfh3Ja/H2YTxpJrY/Lhr3iaYhmQL7Zwb7:frZyfRJa/H26xpJc/ZSaYht/Zw

    Score
    9/10
    cryptonediscoverypackerpersistence

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

      cryptonepacker

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks