General
-
Target
NEAS.19ad0a8933444fef529eebfc0c015140_JC.exe
-
Size
112KB
-
Sample
231014-q2b6yseh4v
-
MD5
19ad0a8933444fef529eebfc0c015140
-
SHA1
2a7ecdb95fb655e33ca8791a66b6e52e7f65b452
-
SHA256
72ce558438ce0c94ade7a0d1b7aab4f3163b40c52785f994ce4a8265bc5cd40c
-
SHA512
f3254200575eda2048332cbc4a87d29a816f80597b4803042e05ad28c2019ef7309c49104f318e7de7069a74ae9db0bf92338e710eeebfbebec494f056bab50c
-
SSDEEP
1536:9acTW6flUmAJIVMvnwRcpzonFdqquwo2NSKlnayY72j0MYszD3l1JeJ:Mk3lTgIVdRGdqS6SKlp+2ITglOJ
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.19ad0a8933444fef529eebfc0c015140_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.19ad0a8933444fef529eebfc0c015140_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
NEAS.19ad0a8933444fef529eebfc0c015140_JC.exe
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 2