1b371acf222005ea1b34043a9564b71639c6931bb8715895eeadf55d93f5f139 | Triage

Sharing

General

Target

NEAS.NEAS1b371acf222005ea1b34043a9564b71639c6931bb8715895eeadf55d93f5f139exeexe_JC.exe
Size

4.2MB
Sample

231021-wqn92aaa33
MD5

ed103156b3c59b8fdb8835669621df16
SHA1

dedf2318543b53c26563634d04f9e22e9efcf849
SHA256

1b371acf222005ea1b34043a9564b71639c6931bb8715895eeadf55d93f5f139
SHA512

9660b20e9df4d8dc3c73b9383d0d35507da4190588c5ccaadbfde39375cf9a537f05ea5c8a9bbd4355a74dbda0702a08b332c3813769e948ef659480d5804391
SSDEEP

49152:QQyV3YBybPP3NSqBfTna5ouw4yAhYVvdEnfZeosfJ5OV/Sm/+fCYyWj1aZeKv1x+:IhxzP3MqBfTluw4yctnfZeosyVtga

Score

8^/10

Malware Config

Targets

- Target
  
  NEAS.NEAS1b371acf222005ea1b34043a9564b71639c6931bb8715895eeadf55d93f5f139exeexe_JC.exe
- Size
  
  4.2MB
- MD5
  
  ed103156b3c59b8fdb8835669621df16
- SHA1
  
  dedf2318543b53c26563634d04f9e22e9efcf849
- SHA256
  
  1b371acf222005ea1b34043a9564b71639c6931bb8715895eeadf55d93f5f139
- SHA512
  
  9660b20e9df4d8dc3c73b9383d0d35507da4190588c5ccaadbfde39375cf9a537f05ea5c8a9bbd4355a74dbda0702a08b332c3813769e948ef659480d5804391
- SSDEEP
  
  49152:QQyV3YBybPP3NSqBfTna5ouw4yAhYVvdEnfZeosfJ5OV/Sm/+fCYyWj1aZeKv1x+:IhxzP3MqBfTluw4yctnfZeosyVtga
Score

8^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2