General

  • Target

    NEAS.c6a1f54706af190cda21d0239e8a6080.exe

  • Size

    76KB

  • Sample

    231016-w9jtnaba8s

  • MD5

    c6a1f54706af190cda21d0239e8a6080

  • SHA1

    2c2924f13dc36abf9a94df28514b79d51541c59e

  • SHA256

    e44bb573518960e250c43c01e802d7b3416088b7715b7dd34209da73f6cf296a

  • SHA512

    a7619030f45c0fed15e954ef652f3d1640e9ddd0a513f2417eeecc4182f26b9824803eb25a42d2ea01af8c6c07bdb623b9f13cfbb5567a7b25ec94e5d0aabc5a

  • SSDEEP

    1536:MvP69lUyW1UwzJmWRaD1gXI7uMrpzrnacxfzZ1:G69lU2UmWVXI7uMlzTFz7

Score
7/10

Targets

    • Target

      NEAS.c6a1f54706af190cda21d0239e8a6080.exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
