965c8ad9a47a0c82ceef371c2f6915573a536548368cca39c86c6bb3fb7f7cb3 | Triage

Sharing

General

Target

NEAS.0ff02e578b946881a6f80a1c511dc890.exe
Size

317KB
Sample

231101-q6zstabf33
MD5

0ff02e578b946881a6f80a1c511dc890
SHA1

99cafeb256475dfe4809dab942092b3095f7e1b7
SHA256

965c8ad9a47a0c82ceef371c2f6915573a536548368cca39c86c6bb3fb7f7cb3
SHA512

9091c2e388108160b59d8a60c047cd1c815c7885553fc1502ee211ed4f7d6131e508c2222721fcb8166fb8e78660485a1b881e8341bb4ebf4d49af56f8840493
SSDEEP

6144:MVXm4i6pO0v/YBxK8eFLj3qJ5/TX2oK/aQq:Ms4++8ijaJRO/y

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.0ff02e578b946881a6f80a1c511dc890.exe
- Size
  
  317KB
- MD5
  
  0ff02e578b946881a6f80a1c511dc890
- SHA1
  
  99cafeb256475dfe4809dab942092b3095f7e1b7
- SHA256
  
  965c8ad9a47a0c82ceef371c2f6915573a536548368cca39c86c6bb3fb7f7cb3
- SHA512
  
  9091c2e388108160b59d8a60c047cd1c815c7885553fc1502ee211ed4f7d6131e508c2222721fcb8166fb8e78660485a1b881e8341bb4ebf4d49af56f8840493
- SSDEEP
  
  6144:MVXm4i6pO0v/YBxK8eFLj3qJ5/TX2oK/aQq:Ms4++8ijaJRO/y
Score

7^/10

persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2