General
-
Target
NEAS.dc69adcdc6d5788c28d252623e54c390.exe
-
Size
132KB
-
Sample
231014-xy9flsbd44
-
MD5
dc69adcdc6d5788c28d252623e54c390
-
SHA1
9fd17397d223f566e20b81d5a38c575f6bb5ae8d
-
SHA256
b04bcabc9974352d2872a5fc347495758ec51fa80d71de1f47a97afe13c1de79
-
SHA512
67dc3c5bf5deec30ef72dbd25980119c81f2a3c7c1f3305a845d463b9f4b3574d8a9812a8574534ffe71bfe1dd85a13a8f864d9fcafece12f272ff22e4b9d2f5
-
SSDEEP
1536:4KwevHIgowXxqVKg6oC5LAQ5RTgujbDLVXQjmGp9Mx1b++sbNBgc4B9ztGABzmY/:cwXSKVZR8kLV9V1bYy39RZ++8Et
Malware Config
Targets
-
-
Target
NEAS.dc69adcdc6d5788c28d252623e54c390.exe
-
Size
132KB
-
MD5
dc69adcdc6d5788c28d252623e54c390
-
SHA1
9fd17397d223f566e20b81d5a38c575f6bb5ae8d
-
SHA256
b04bcabc9974352d2872a5fc347495758ec51fa80d71de1f47a97afe13c1de79
-
SHA512
67dc3c5bf5deec30ef72dbd25980119c81f2a3c7c1f3305a845d463b9f4b3574d8a9812a8574534ffe71bfe1dd85a13a8f864d9fcafece12f272ff22e4b9d2f5
-
SSDEEP
1536:4KwevHIgowXxqVKg6oC5LAQ5RTgujbDLVXQjmGp9Mx1b++sbNBgc4B9ztGABzmY/:cwXSKVZR8kLV9V1bYy39RZ++8Et
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2