3a6ca7bf06a93866761ff6f6d74c7472695ded1a2b7dac4532eeb627d416a94c | Triage

Sharing

General

Target

NEAS.dbf79e5e45d8e8facfd4f37fa2d45ef0.exe
Size

293KB
Sample

231014-j7kxqaag62
MD5

dbf79e5e45d8e8facfd4f37fa2d45ef0
SHA1

1892bde2511dd941a742ea68eeef9d1b1a467ddf
SHA256

3a6ca7bf06a93866761ff6f6d74c7472695ded1a2b7dac4532eeb627d416a94c
SHA512

c214428525bbd2acd0a9b879025ba2a10d4b307bd1ba00128bcc0c0e6e2fbf5a68b4bc9df175762e409edf362b19c5f46f41f52de8754dd313f423c50eb2cd40
SSDEEP

3072:AygCullUQN7gsBh1L1QygCullUQN7gsBh1L1o:ARleK7712RleK771W

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  NEAS.dbf79e5e45d8e8facfd4f37fa2d45ef0.exe
- Size
  
  293KB
- MD5
  
  dbf79e5e45d8e8facfd4f37fa2d45ef0
- SHA1
  
  1892bde2511dd941a742ea68eeef9d1b1a467ddf
- SHA256
  
  3a6ca7bf06a93866761ff6f6d74c7472695ded1a2b7dac4532eeb627d416a94c
- SHA512
  
  c214428525bbd2acd0a9b879025ba2a10d4b307bd1ba00128bcc0c0e6e2fbf5a68b4bc9df175762e409edf362b19c5f46f41f52de8754dd313f423c50eb2cd40
- SSDEEP
  
  3072:AygCullUQN7gsBh1L1QygCullUQN7gsBh1L1o:ARleK7712RleK771W
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence