8bce07407daff52f8b415543faf53aa4e7e5c4b69bb072ba543ba2f74b0a6473 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.684820cff08b6f81238811f949006800.exe
Size

88KB
Sample

231028-ym94fagc2v
MD5

684820cff08b6f81238811f949006800
SHA1

260580c0b194ea9c6ec5f3ba012d71325e619545
SHA256

8bce07407daff52f8b415543faf53aa4e7e5c4b69bb072ba543ba2f74b0a6473
SHA512

0788c81c715b5ba9b08da65ddc530245c3bf7afcdd8476b3efcaee1996d3cf14611ddf18e4400b3f9045173c80c051bd311bb308612bb36dd20a19309d3981ec
SSDEEP

768:1K4cy0muec4OdJNUC1x2avPPpykILkGuIBLP3nRndrS1Gb:1pc0ZOdUCJwVu6pS1Gb

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  NEAS.684820cff08b6f81238811f949006800.exe
- Size
  
  88KB
- MD5
  
  684820cff08b6f81238811f949006800
- SHA1
  
  260580c0b194ea9c6ec5f3ba012d71325e619545
- SHA256
  
  8bce07407daff52f8b415543faf53aa4e7e5c4b69bb072ba543ba2f74b0a6473
- SHA512
  
  0788c81c715b5ba9b08da65ddc530245c3bf7afcdd8476b3efcaee1996d3cf14611ddf18e4400b3f9045173c80c051bd311bb308612bb36dd20a19309d3981ec
- SSDEEP
  
  768:1K4cy0muec4OdJNUC1x2avPPpykILkGuIBLP3nRndrS1Gb:1pc0ZOdUCJwVu6pS1Gb
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence