9f115f938f24dd6beb2f02e9ce04be9549f689a5ea3edb35389315d3976542f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.729881118a5173d6f0228e31fc522ac0.exe
Size

309KB
Sample

231013-y8v7eada57
MD5

729881118a5173d6f0228e31fc522ac0
SHA1

3e256bf4d9db65ffc91bf28735c628e36fa015de
SHA256

9f115f938f24dd6beb2f02e9ce04be9549f689a5ea3edb35389315d3976542f4
SHA512

8c3e5e6c617a6f966069bd7407790e57ad1d7c4ac35026415d8c673548db873a97b7f5de5e1782c9f686ce71d5d76c0273e5d45de20baf8ab63c17a31574386f
SSDEEP

6144:JBv7ib4gfGWcmsQ+/gbG0xlfPpndiVP7qoU:f7XZa+/gbGUXBdiVTE

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  NEAS.729881118a5173d6f0228e31fc522ac0.exe
- Size
  
  309KB
- MD5
  
  729881118a5173d6f0228e31fc522ac0
- SHA1
  
  3e256bf4d9db65ffc91bf28735c628e36fa015de
- SHA256
  
  9f115f938f24dd6beb2f02e9ce04be9549f689a5ea3edb35389315d3976542f4
- SHA512
  
  8c3e5e6c617a6f966069bd7407790e57ad1d7c4ac35026415d8c673548db873a97b7f5de5e1782c9f686ce71d5d76c0273e5d45de20baf8ab63c17a31574386f
- SSDEEP
  
  6144:JBv7ib4gfGWcmsQ+/gbG0xlfPpndiVP7qoU:f7XZa+/gbGUXBdiVTE
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence