70efdb5ad1b10c7f5c6a10b41acfade0f2100bdd37c3e2cb111f6b2641b4d773 | Triage

Sharing

General

Target

NEAS.4b9646f51e2271f5c5fdc6a45751caf0.exe
Size

385KB
Sample

231014-wgrnssab4z
MD5

4b9646f51e2271f5c5fdc6a45751caf0
SHA1

631907e1853f1d7977176c7931837ba1e02708cc
SHA256

70efdb5ad1b10c7f5c6a10b41acfade0f2100bdd37c3e2cb111f6b2641b4d773
SHA512

cc17e7958ae4ecbf2b8a6b432602e44202bf18ea9755252748d475a31898d904b0ca303174ea1e4f5739a3ff551893c1148cbddf5a76db3769c55d9e4f4ee6ce
SSDEEP

6144:/pW2bgbbV28okoS1oWMkdlZQ5JU10d5Kn8n7XPW:/pW2IoioS6e

Score

10^/10

discovery evasion exploit persistence trojan

Malware Config

Targets

- Target
  
  NEAS.4b9646f51e2271f5c5fdc6a45751caf0.exe
- Size
  
  385KB
- MD5
  
  4b9646f51e2271f5c5fdc6a45751caf0
- SHA1
  
  631907e1853f1d7977176c7931837ba1e02708cc
- SHA256
  
  70efdb5ad1b10c7f5c6a10b41acfade0f2100bdd37c3e2cb111f6b2641b4d773
- SHA512
  
  cc17e7958ae4ecbf2b8a6b432602e44202bf18ea9755252748d475a31898d904b0ca303174ea1e4f5739a3ff551893c1148cbddf5a76db3769c55d9e4f4ee6ce
- SSDEEP
  
  6144:/pW2bgbbV28okoS1oWMkdlZQ5JU10d5Kn8n7XPW:/pW2IoioS6e
Score

10^/10

evasion persistence trojan discovery exploit
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Event Triggered Execution

Change Default File Association

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

discoveryevasionexploitpersistencetrojan