General
-
Target
NEAS.c3d1abc76f2262a1f009849492fd0f80.exe
-
Size
2.1MB
-
Sample
231028-yzgmnacc37
-
MD5
c3d1abc76f2262a1f009849492fd0f80
-
SHA1
03f68443d746090c80dfb269ffdd5eb9ae14f5a6
-
SHA256
38717c0c2faaef092871aa61ab7038288974c4b54f6172a5b0d3f22a6cacd505
-
SHA512
103d58050621ea861c0e34ba27efb133b2bcc59c61ef7b65ff6fd0aeee72c46ad20805008c457a0f0ea485525dc711e06b6566241560ca4afe394430f9a13a65
-
SSDEEP
1536:9nTwVYlmkpzEcHGtan2KR3dvJ77zZ38Ihp4:pHpZAKzvJNM9
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.c3d1abc76f2262a1f009849492fd0f80.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.c3d1abc76f2262a1f009849492fd0f80.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
Target
NEAS.c3d1abc76f2262a1f009849492fd0f80.exe
-
Score
10/10
-
Adds policy Run key to start application
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution 2
Registry Run Keys / Startup Folder 2
Create or Modify System Process 1
Windows Service 1
Privilege Escalation
Abuse Elevation Control Mechanism 1
Bypass User Account Control 1
Boot or Logon Autostart Execution 2
Registry Run Keys / Startup Folder 2
Create or Modify System Process 1
Windows Service 1