6a49856599f02cd87ed3e7ce5623be3d5aea32a57841ed40f87cfc908503283b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e91f199d09026076d58751affe8e3880.exe
Size

560KB
Sample

231021-1fz11ach52
MD5

e91f199d09026076d58751affe8e3880
SHA1

68995ca1b40a27109c3ddf7e276a81d4529c5117
SHA256

6a49856599f02cd87ed3e7ce5623be3d5aea32a57841ed40f87cfc908503283b
SHA512

b9e5747199e54ac18aefd5093329acf2950f7c8de11f07f1f9c3b7be1774eb11fbdb6a845f14ea9ec4ed736d630691274f89daf74c3c6561dc7e66e848448dc8
SSDEEP

6144:2BDHmrz4niNy8o3Zp/TWt+g4RQTDUBO8/2vh+ziDV8m56TBac2Gui:wDHmoniNy8L8g4RgoBO8/2vhDX56TR

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.e91f199d09026076d58751affe8e3880.exe
- Size
  
  560KB
- MD5
  
  e91f199d09026076d58751affe8e3880
- SHA1
  
  68995ca1b40a27109c3ddf7e276a81d4529c5117
- SHA256
  
  6a49856599f02cd87ed3e7ce5623be3d5aea32a57841ed40f87cfc908503283b
- SHA512
  
  b9e5747199e54ac18aefd5093329acf2950f7c8de11f07f1f9c3b7be1774eb11fbdb6a845f14ea9ec4ed736d630691274f89daf74c3c6561dc7e66e848448dc8
- SSDEEP
  
  6144:2BDHmrz4niNy8o3Zp/TWt+g4RQTDUBO8/2vh+ziDV8m56TBac2Gui:wDHmoniNy8L8g4RgoBO8/2vhDX56TR
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2