General
-
Target
NEAS.3c101d481dc1283c3789f7d210a5ea30.exe
-
Size
124KB
-
Sample
231021-z5gehsea73
-
MD5
3c101d481dc1283c3789f7d210a5ea30
-
SHA1
05cb82d4f529cc308442980a66409619bb9867ad
-
SHA256
687809e071572866c02b4a70a1f44bedc8497a79cdf1af467a9b57d3abe5fb3c
-
SHA512
54cd954603d8d1b5b9db77453e7234bcfb961db018925a574227728c9975065f7f0f1f8ab34e8d78d77e75a8aa72aecb24e52b0390e2fa039743a4d887176cb1
-
SSDEEP
3072:nS6eWjnFO6q+7kEEbXExseoeHqHpOcdElGIrGMhF:SQrFO6q+hIXExbn
Malware Config
Targets
-
-
Target
NEAS.3c101d481dc1283c3789f7d210a5ea30.exe
-
Size
124KB
-
MD5
3c101d481dc1283c3789f7d210a5ea30
-
SHA1
05cb82d4f529cc308442980a66409619bb9867ad
-
SHA256
687809e071572866c02b4a70a1f44bedc8497a79cdf1af467a9b57d3abe5fb3c
-
SHA512
54cd954603d8d1b5b9db77453e7234bcfb961db018925a574227728c9975065f7f0f1f8ab34e8d78d77e75a8aa72aecb24e52b0390e2fa039743a4d887176cb1
-
SSDEEP
3072:nS6eWjnFO6q+7kEEbXExseoeHqHpOcdElGIrGMhF:SQrFO6q+hIXExbn
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2