General
-
Target
NEAS.9deb1732a9effea14bda5a95d317eca0.exe
-
Size
3.1MB
-
Sample
231016-w51llsgg8t
-
MD5
9deb1732a9effea14bda5a95d317eca0
-
SHA1
34e25c528cc4885ffa7242e942f30f82c5c7edf0
-
SHA256
173627f0dd0ba8d7cf632da393754e7b466fdb8ab83c588d28e2cdae94bdb021
-
SHA512
2698788302dec0f809e2c76e4da7ca3a170609ffa22fde083cffe22fca679bfd04b36af219d7f23d3106ec044b75fcea2ea5903763b07a7289857f6a050c4067
-
SSDEEP
49152:+UJ6ZNXox4SgJhBsfHJq/nCFT4Mv0Pt97p:+tR4xGnCtvw9
Malware Config
Targets
-
-
Target
NEAS.9deb1732a9effea14bda5a95d317eca0.exe
-
Size
3.1MB
-
MD5
9deb1732a9effea14bda5a95d317eca0
-
SHA1
34e25c528cc4885ffa7242e942f30f82c5c7edf0
-
SHA256
173627f0dd0ba8d7cf632da393754e7b466fdb8ab83c588d28e2cdae94bdb021
-
SHA512
2698788302dec0f809e2c76e4da7ca3a170609ffa22fde083cffe22fca679bfd04b36af219d7f23d3106ec044b75fcea2ea5903763b07a7289857f6a050c4067
-
SSDEEP
49152:+UJ6ZNXox4SgJhBsfHJq/nCFT4Mv0Pt97p:+tR4xGnCtvw9
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
UAC bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1