2bfef15bc1bb1f0e062d305309ab363693ada9ece4e2dfdbcd9a25b3e3ce4f2e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d25e8bd9849dc0ff1480b6a21df8c810_JC.exe
Size

395KB
Sample

231023-yv7naaee2x
MD5

d25e8bd9849dc0ff1480b6a21df8c810
SHA1

e0c0b59a7db31bdfaae0ca5f16271a60fca45bc9
SHA256

2bfef15bc1bb1f0e062d305309ab363693ada9ece4e2dfdbcd9a25b3e3ce4f2e
SHA512

91dfa4f3d45a1862531bf3f8e00f4e2d0d19129f095609d81399b99a96a99d81028ce09f82fa4747b732f8690e671cc00a9d08d7efcd642d5a69be6ae4f71af6
SSDEEP

6144:Hx+u5A7Mfqr3joHqqIJYaHlUAEgasjCNl8S0M7+Mgpjhb27/zxOPs:R+upqsHqqNI25g/jKuM5gpNS

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  NEAS.d25e8bd9849dc0ff1480b6a21df8c810_JC.exe
- Size
  
  395KB
- MD5
  
  d25e8bd9849dc0ff1480b6a21df8c810
- SHA1
  
  e0c0b59a7db31bdfaae0ca5f16271a60fca45bc9
- SHA256
  
  2bfef15bc1bb1f0e062d305309ab363693ada9ece4e2dfdbcd9a25b3e3ce4f2e
- SHA512
  
  91dfa4f3d45a1862531bf3f8e00f4e2d0d19129f095609d81399b99a96a99d81028ce09f82fa4747b732f8690e671cc00a9d08d7efcd642d5a69be6ae4f71af6
- SSDEEP
  
  6144:Hx+u5A7Mfqr3joHqqIJYaHlUAEgasjCNl8S0M7+Mgpjhb27/zxOPs:R+upqsHqqNI25g/jKuM5gpNS
Score

10^/10

persistence evasion
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistence