7010c254a17f211b0806fd60793039b81bdcb7fda24eb9f542ad112d5fafee7a | Triage

Sharing

General

Target

NEAS.df46ff506851a0e54a89fd5698454b00.exe
Size

204KB
Sample

231022-v3cakahg5y
MD5

df46ff506851a0e54a89fd5698454b00
SHA1

28ea23bd383ee7a1604cddbd95094932464da2ef
SHA256

7010c254a17f211b0806fd60793039b81bdcb7fda24eb9f542ad112d5fafee7a
SHA512

7c0d613b90947f30040fe49a16d16bec8c70c6e0b1d518d9b411039747f674109af3680a988b5ba8e24d7f6804175bc060beb9e236982ee74992ea09b2c71832
SSDEEP

3072:Fm0W8mR90tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWK4:8pn4QxL7B9W0c1RCzR/fSml4

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  NEAS.df46ff506851a0e54a89fd5698454b00.exe
- Size
  
  204KB
- MD5
  
  df46ff506851a0e54a89fd5698454b00
- SHA1
  
  28ea23bd383ee7a1604cddbd95094932464da2ef
- SHA256
  
  7010c254a17f211b0806fd60793039b81bdcb7fda24eb9f542ad112d5fafee7a
- SHA512
  
  7c0d613b90947f30040fe49a16d16bec8c70c6e0b1d518d9b411039747f674109af3680a988b5ba8e24d7f6804175bc060beb9e236982ee74992ea09b2c71832
- SSDEEP
  
  3072:Fm0W8mR90tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWK4:8pn4QxL7B9W0c1RCzR/fSml4
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence