General
-
Target
NEAS.6ed44941cda71e14a32a1ec3af624a90.exe
-
Size
123KB
-
Sample
231031-kt955ace5x
-
MD5
6ed44941cda71e14a32a1ec3af624a90
-
SHA1
3a4856a5033bf2debb21eec15b3e93d379242f0b
-
SHA256
93ef37d0c302c48ed5a5653ebd8cfe5478b35cf966cfc9b44797960dfff978b3
-
SHA512
547aa71785ea0afec0a782d497273008eb2ce50f0a4b775dd39e0d4c343aaf559c9723784fdb3505738e80cfedd99c81da2d44318944e20bce16b7fd601c6152
-
SSDEEP
1536:Uq+hxu7wWSrj+SaXo+9J1fbWhz7si+3MrXiOOAAhgPCose14GuDOHXVUmqpJtq9Y:dXRBY0JczjX/lOgzHqpD2gpjq9rYbeW
Malware Config
Targets
-
-
Target
NEAS.6ed44941cda71e14a32a1ec3af624a90.exe
-
Size
123KB
-
MD5
6ed44941cda71e14a32a1ec3af624a90
-
SHA1
3a4856a5033bf2debb21eec15b3e93d379242f0b
-
SHA256
93ef37d0c302c48ed5a5653ebd8cfe5478b35cf966cfc9b44797960dfff978b3
-
SHA512
547aa71785ea0afec0a782d497273008eb2ce50f0a4b775dd39e0d4c343aaf559c9723784fdb3505738e80cfedd99c81da2d44318944e20bce16b7fd601c6152
-
SSDEEP
1536:Uq+hxu7wWSrj+SaXo+9J1fbWhz7si+3MrXiOOAAhgPCose14GuDOHXVUmqpJtq9Y:dXRBY0JczjX/lOgzHqpD2gpjq9rYbeW
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2