Overview

overview

10

Static

static

3

NEAS.3474c...d0.exe

windows7-x64

10

NEAS.3474c...d0.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NEAS.3474c423fd2e2fdbebe1ac98095a71d0.exe

  • Size

    313KB

  • Sample

    231028-yllpfseh9x

  • MD5

    3474c423fd2e2fdbebe1ac98095a71d0

  • SHA1

    5187d03d7ad37d6fc7060e6e93c606c1b3f7b5ef

  • SHA256

    bad6c33b7419280ce4a8a9ea2ddf8341917d0b7de49b69c08f1552acaa384e75

  • SHA512

    421f6b1fccb22ae43c09f3cd5ae8f89c859a7613821530711fc6fdf8c54f27acb80e346fe83cdc47c7d273a1c6a0009594fafc388c6e35d44e7b3bc9f4f8d75a

  • SSDEEP

    6144:neHwXUU5EYCTvaBjDjWrLJKuKnGML5NjcxE:nyMUusvalag5NjaE

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      NEAS.3474c423fd2e2fdbebe1ac98095a71d0.exe

    • Size

      313KB

    • MD5

      3474c423fd2e2fdbebe1ac98095a71d0

    • SHA1

      5187d03d7ad37d6fc7060e6e93c606c1b3f7b5ef

    • SHA256

      bad6c33b7419280ce4a8a9ea2ddf8341917d0b7de49b69c08f1552acaa384e75

    • SHA512

      421f6b1fccb22ae43c09f3cd5ae8f89c859a7613821530711fc6fdf8c54f27acb80e346fe83cdc47c7d273a1c6a0009594fafc388c6e35d44e7b3bc9f4f8d75a

    • SSDEEP

      6144:neHwXUU5EYCTvaBjDjWrLJKuKnGML5NjcxE:nyMUusvalag5NjaE

    Score
    10/10
    evasionpersistenceupx

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Disables use of System Restore points

      evasion

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

6
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Tasks