152285e43b43e21b5565498c9fd20cefd8a4e0f88077b72786665ff16315b184 | Triage

Sharing

General

Target

NEAS.d2093a12c26ccb442b4f3ff378505640.exe
Size

297KB
Sample

231013-zhpglsag76
MD5

d2093a12c26ccb442b4f3ff378505640
SHA1

3cb6d0611aeab0de663c6ce393cb4f66cff12807
SHA256

152285e43b43e21b5565498c9fd20cefd8a4e0f88077b72786665ff16315b184
SHA512

fad41cdcbe12ce2f409cbae48f9991e4983f5348db91404c08650977c1aef5b610013a623a7778b10d2e33470944b137c7e5ded8a7d479fb5d1429eb4e3bd5dd
SSDEEP

6144:/pW2bgbbV28okoS1oWMkdlZQ5iinNrv26OoN:/pW2IoioS6N

Score

10^/10

discovery evasion exploit persistence trojan

Malware Config

Targets

- Target
  
  NEAS.d2093a12c26ccb442b4f3ff378505640.exe
- Size
  
  297KB
- MD5
  
  d2093a12c26ccb442b4f3ff378505640
- SHA1
  
  3cb6d0611aeab0de663c6ce393cb4f66cff12807
- SHA256
  
  152285e43b43e21b5565498c9fd20cefd8a4e0f88077b72786665ff16315b184
- SHA512
  
  fad41cdcbe12ce2f409cbae48f9991e4983f5348db91404c08650977c1aef5b610013a623a7778b10d2e33470944b137c7e5ded8a7d479fb5d1429eb4e3bd5dd
- SSDEEP
  
  6144:/pW2bgbbV28okoS1oWMkdlZQ5iinNrv26OoN:/pW2IoioS6N
Score

10^/10

discovery evasion exploit persistence trojan
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Event Triggered Execution

Change Default File Association

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistencetrojan

behavioral2

evasionpersistencetrojan