261d975884bb011be5302108f899373fc28f9ed1d54b1d9ad157f69f81c3276a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.bc58f44bb41e555fa993555551270fb0.exe
Size

101KB
Sample

231013-zeeg8sgh96
MD5

bc58f44bb41e555fa993555551270fb0
SHA1

40eecfe8bbcfae03a2ede474536c5075045c025f
SHA256

261d975884bb011be5302108f899373fc28f9ed1d54b1d9ad157f69f81c3276a
SHA512

ff5b3972e72f35262937a817f1fc98f36829d910827e66fdaa81f84a5abfb6150eb5b3b9b49fde3d29c3052664982605e56cff89143c1a7681235dc383de1aef
SSDEEP

3072:lyuRpu9fWWq5g7Hbu5JcrtSwlT2vS67Vz4:lV75SrtSk6Rz4

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  NEAS.bc58f44bb41e555fa993555551270fb0.exe
- Size
  
  101KB
- MD5
  
  bc58f44bb41e555fa993555551270fb0
- SHA1
  
  40eecfe8bbcfae03a2ede474536c5075045c025f
- SHA256
  
  261d975884bb011be5302108f899373fc28f9ed1d54b1d9ad157f69f81c3276a
- SHA512
  
  ff5b3972e72f35262937a817f1fc98f36829d910827e66fdaa81f84a5abfb6150eb5b3b9b49fde3d29c3052664982605e56cff89143c1a7681235dc383de1aef
- SSDEEP
  
  3072:lyuRpu9fWWq5g7Hbu5JcrtSwlT2vS67Vz4:lV75SrtSk6Rz4
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2