Overview

overview

10

Static

static

3

NEAS.e0f46...60.exe

windows7-x64

10

NEAS.e0f46...60.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.e0f468a51b95d593276550f8858f6d60.exe

  • Size

    80KB

  • Sample

    231031-kx12maee7s

  • MD5

    e0f468a51b95d593276550f8858f6d60

  • SHA1

    d8cf9f13d9f691d4f05c356d8c3f396dabbac88c

  • SHA256

    af25fd47de9384720e4606bb807e58f4191c220770727aac85c8839e3644c797

  • SHA512

    6d5cd4fd6bb36eeec6464bd5de5ce9bce691265bd51d34f8b279abda757623b1f6c15359437b6addc076b3551f24329f396485eafd097112c9da41d89792fbeb

  • SSDEEP

    1536:5vnMoORizUPliPsm/gL16ZpQGh6MgHN+PhuLGR/11:RnxOMUMPsgQvTMY+PhGGR/11

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      NEAS.e0f468a51b95d593276550f8858f6d60.exe

    • Size

      80KB

    • MD5

      e0f468a51b95d593276550f8858f6d60

    • SHA1

      d8cf9f13d9f691d4f05c356d8c3f396dabbac88c

    • SHA256

      af25fd47de9384720e4606bb807e58f4191c220770727aac85c8839e3644c797

    • SHA512

      6d5cd4fd6bb36eeec6464bd5de5ce9bce691265bd51d34f8b279abda757623b1f6c15359437b6addc076b3551f24329f396485eafd097112c9da41d89792fbeb

    • SSDEEP

      1536:5vnMoORizUPliPsm/gL16ZpQGh6MgHN+PhuLGR/11:RnxOMUMPsgQvTMY+PhGGR/11

    Score
    10/10
    evasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Adds policy Run key to start application

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks