neshta | ff1bc03bafef8dedaa9487f0ae971ff1a7b44919de195f303a055014b92e0203 | Triage

Submit
Reports

Overview

overview

Static

static

ff1bc03baf...03.exe

windows7-x64

ff1bc03baf...03.exe

windows10-2004-x64

Sharing

General

Target

ff1bc03bafef8dedaa9487f0ae971ff1a7b44919de195f303a055014b92e0203
Size

934KB
Sample

221121-stkt8sah3y
MD5

27dd86918eb6c0d362577732a3d91640
SHA1

0584a7a02af0e60ae0b227d61ff1efd78687afb5
SHA256

ff1bc03bafef8dedaa9487f0ae971ff1a7b44919de195f303a055014b92e0203
SHA512

fd659ebf30bfdd1cfcd8bff1b30674de9e05b50a3d14744114acd7ca6538b4a599ccea09809349ec1b45d3bc98efb60ebe5e992c032e05397f8a388a16f4fd15
SSDEEP

24576:w4Z/TzBDwdltwdltwdltwdltwdltwdltwdltwdltwdltwdltwdllwdls:w4QeeeeeeeeeeWs

Score

10^/10

neshta discovery evasion persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ff1bc03bafef8dedaa9487f0ae971ff1a7b44919de195f303a055014b92e0203.exe

Resource

win7-20221111-en

discovery evasion persistence trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff1bc03bafef8dedaa9487f0ae971ff1a7b44919de195f303a055014b92e0203.exe

Resource

win10v2004-20221111-en

discovery evasion persistence trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  ff1bc03bafef8dedaa9487f0ae971ff1a7b44919de195f303a055014b92e0203
- Size
  
  934KB
- MD5
  
  27dd86918eb6c0d362577732a3d91640
- SHA1
  
  0584a7a02af0e60ae0b227d61ff1efd78687afb5
- SHA256
  
  ff1bc03bafef8dedaa9487f0ae971ff1a7b44919de195f303a055014b92e0203
- SHA512
  
  fd659ebf30bfdd1cfcd8bff1b30674de9e05b50a3d14744114acd7ca6538b4a599ccea09809349ec1b45d3bc98efb60ebe5e992c032e05397f8a388a16f4fd15
- SSDEEP
  
  24576:w4Z/TzBDwdltwdltwdltwdltwdltwdltwdltwdltwdltwdltwdllwdls:w4QeeeeeeeeeeWs
Score

10^/10

discovery evasion persistence trojan upx
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

behavioral2

discoveryevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy