Analysis
- max time kernel: 158s
- max time network: 166s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-10-2023 16:49
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.NEASNEAS5b3a23e46741b8bf42575bf3c826476396629b890ad400a5d4d442cf336d0eb5exeexeexe_JC.exe
Resource
win7-20230831-en
General
- Target: NEAS.NEASNEAS5b3a23e46741b8bf42575bf3c826476396629b890ad400a5d4d442cf336d0eb5exeexeexe_JC.exe
- Size: 799KB
- MD5: 9858cc3c85ac5531c78baae8cc765b22
- SHA1: 4c2d06a81ef520d76a3b01bf84bcc207ad746542
- SHA256: 5b3a23e46741b8bf42575bf3c826476396629b890ad400a5d4d442cf336d0eb5
- SHA512: 8d56bd94fd4d8f3b02d29d4b0b0a6970b7cf8562081c128c22d3ed89424d2e51892159c600d549d152d1e1a5c829f818d9f3310b895cf7a07d677c2630c823ff
- SSDEEP: 12288:NwJvI7ow/WykB0YU1FEZL134yRZbZFWZHQjxcShVqambmpjfuwUXVY:mJsokYU70LF4IZ1FQH8cShoaomHUe
Malware Config
Signatures
- Reads local data of messenger clients (2 TTPs)
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
- Reads user/profile data of local email clients (2 TTPs)
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Suspicious behavior: EnumeratesProcesses (16 IoCs)
  pid 3652, process NEAS.NEASNEAS5b3a23e46741b8bf42575bf3c826476396629b890ad400a5d4d442cf336d0eb5exeexeexe_JC.exe (the same pid/process entry is listed 16 times in the report)
Processes
- "C:\Users\Admin\AppData\Local\Temp\NEAS.NEASNEAS5b3a23e46741b8bf42575bf3c826476396629b890ad400a5d4d442cf336d0eb5exeexeexe_JC.exe" (PID: 3652)
  Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Temp\YUOhtyugjKgdfgjFGghj676jj\b31be8c2-77e9-4613-b0b0-97210f55fa05.txt
  Filesize: 10B
  MD5: c30ec813ad5575fe12ce3ebfdaecac1d
  SHA1: 389e2c2226b3b4a30914a0aaccb2555af3de2cd1
  SHA256: fd54ec48037af98fa7cf050d975a62d9a54a84a1f2b4cf68c8f58f4b72961f01
  SHA512: 001947e2f17a9c8071d3f8a5c0893e38e8e35fca1ccc37fbac1dc68b4dde646a808883251ff4760b2b8ed79a81878a81bf8c22a8c7f961497c15b9b5dff85989