General
Target: NEAS.6c483ffc62bf8034b7f7793f0461b850.exe
Size: 172KB
Sample: 231028-yndrmahh65
MD5: 6c483ffc62bf8034b7f7793f0461b850
SHA1: aed1375bd939f7afe1b4f74f30dc13c6bb9faaa0
SHA256: 19564bf495a7547bc00439a281211c9d85b97fadc642f336bbf542959de7322a
SHA512: 4573cc5ccb9c45148754edbe8035a293bdabcfbdbddd5ef59c2360d1878cb16d6e63730c0910dbe8e1ab24238f19101cb118b80c495045be96fee6ba60a47483
SSDEEP: 3072:g14mOxrKFNZYhrgtRFuV2DDbuiTf3hPsOraS87FYqjTZbn4TGh:gnYWYhrgtRo6DSiTf3hPswa1TZjxh
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.6c483ffc62bf8034b7f7793f0461b850.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.6c483ffc62bf8034b7f7793f0461b850.exe
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: NEAS.6c483ffc62bf8034b7f7793f0461b850.exe
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Checks for any installed AV software in registry
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (1)