General

  • Target

    NEAS.2b84e7dc9ee9e73611c38072066897b0.exe

  • Size

    284KB

  • Sample

    231101-q8qypace88

  • MD5

    2b84e7dc9ee9e73611c38072066897b0

  • SHA1

    6a1d9218b194c5f776503a3f1ea7f62b4a24bd26

  • SHA256

    a384fb42413bd8595e5d039e50104348102b6ff6847237d33cc2d819b54d0ed9

  • SHA512

    13e62ac70a9671c24339e58e218006451a2fc25733de0a3702ae4cda62329796c9549344659f10a384d889add63006778778b89b0b209c946875c8cb03de71bc

  • SSDEEP

    3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l

Score
8/10

Targets

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext
