ffa7cbcfdc97c1bd2b043123d12dfb38754f93e4c9d6ec8d7bbdc8edc555f612 | Triage

Sharing

General

Target

NEAS.1978093d098dafaa49c4fe49218b7a50.exe
Size

473KB
Sample

231028-wncs8afe73
MD5

1978093d098dafaa49c4fe49218b7a50
SHA1

d56298d42d3d2a23c3112e1eb6305cf9cff9dd9f
SHA256

ffa7cbcfdc97c1bd2b043123d12dfb38754f93e4c9d6ec8d7bbdc8edc555f612
SHA512

6c618955be4a4bce11958a986b1b7f9eb9e11ec35cea663aab7432df36047c247b7878c43ba9dc554877a2ad5203147e6237fb4c45fea0d12f22341764c049a2
SSDEEP

1536:ur3Z5IfQmv81a1xyXHZ+NGQSLNmCm6oyz7jBd7qDmbNPMJAVC+++f:yJOfQm01mxyXHZKG7pm6j77X

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  NEAS.1978093d098dafaa49c4fe49218b7a50.exe
- Size
  
  473KB
- MD5
  
  1978093d098dafaa49c4fe49218b7a50
- SHA1
  
  d56298d42d3d2a23c3112e1eb6305cf9cff9dd9f
- SHA256
  
  ffa7cbcfdc97c1bd2b043123d12dfb38754f93e4c9d6ec8d7bbdc8edc555f612
- SHA512
  
  6c618955be4a4bce11958a986b1b7f9eb9e11ec35cea663aab7432df36047c247b7878c43ba9dc554877a2ad5203147e6237fb4c45fea0d12f22341764c049a2
- SSDEEP
  
  1536:ur3Z5IfQmv81a1xyXHZ+NGQSLNmCm6oyz7jBd7qDmbNPMJAVC+++f:yJOfQm01mxyXHZKG7pm6j77X
Score

8^/10

evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2