99820cc9b27b611aa119a755d0c73d70309d9b29892aa064900dee742088251a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2a0bb140ecc0d40b0fbfec2278672930_JC.exe
Size

145KB
Sample

231022-syvv1acb78
MD5

2a0bb140ecc0d40b0fbfec2278672930
SHA1

ebec77869cd36f98d5a205232519cb1aec507fb5
SHA256

99820cc9b27b611aa119a755d0c73d70309d9b29892aa064900dee742088251a
SHA512

98f09556ee8f5add3f46d8f83ac2427e8fcb3a76dd8497350dc2c8255ced7d8f9441505ded81f861485d1a624165df0a7bebef006f3746793af3b439cca68acc
SSDEEP

3072:J3UG0Trxel16r6cLlFSEDfO/rdVb2C/tld2w056nNmA0M0BN21j:J3ZCImGMNfzYHd2yNt0E

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.2a0bb140ecc0d40b0fbfec2278672930_JC.exe
- Size
  
  145KB
- MD5
  
  2a0bb140ecc0d40b0fbfec2278672930
- SHA1
  
  ebec77869cd36f98d5a205232519cb1aec507fb5
- SHA256
  
  99820cc9b27b611aa119a755d0c73d70309d9b29892aa064900dee742088251a
- SHA512
  
  98f09556ee8f5add3f46d8f83ac2427e8fcb3a76dd8497350dc2c8255ced7d8f9441505ded81f861485d1a624165df0a7bebef006f3746793af3b439cca68acc
- SSDEEP
  
  3072:J3UG0Trxel16r6cLlFSEDfO/rdVb2C/tld2w056nNmA0M0BN21j:J3ZCImGMNfzYHd2yNt0E
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2