General
-
Target
NEAS.c5be765fb811ba6ee330ce34489c3e40.exe
-
Size
206KB
-
Sample
231013-zfawfahg34
-
MD5
c5be765fb811ba6ee330ce34489c3e40
-
SHA1
4c98496db0aa5c25bf5f940d449f3faa8e53dcf1
-
SHA256
38e2284c1ff0b7feb38573a812bca812c278cc93b04f8540a8d6eb8cc7f55db1
-
SHA512
b136e99cc54cd730b9643d4a407967f598fce2332430f51182e14d05182182aa452b5a4b1ecdb6663e429cf1e171e86bf2c74ce0c3627d0a4eb360296cf7ba74
-
SSDEEP
3072:lvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6un2u:lvEN2U+T6i5LirrllHy4HUcMQY64
Malware Config
Targets
-
-
Target
NEAS.c5be765fb811ba6ee330ce34489c3e40.exe
-
Size
206KB
-
MD5
c5be765fb811ba6ee330ce34489c3e40
-
SHA1
4c98496db0aa5c25bf5f940d449f3faa8e53dcf1
-
SHA256
38e2284c1ff0b7feb38573a812bca812c278cc93b04f8540a8d6eb8cc7f55db1
-
SHA512
b136e99cc54cd730b9643d4a407967f598fce2332430f51182e14d05182182aa452b5a4b1ecdb6663e429cf1e171e86bf2c74ce0c3627d0a4eb360296cf7ba74
-
SSDEEP
3072:lvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6un2u:lvEN2U+T6i5LirrllHy4HUcMQY64
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1