5949230dbc997f49587f5eb701199426475ed434956cddae4f6683760589a943 | Triage

Sharing

General

Target

NEAS.e9f4139f389ce94010707f3d00f7d8b0.exe
Size

244KB
Sample

231101-rqbayshb4y
MD5

e9f4139f389ce94010707f3d00f7d8b0
SHA1

b53ca256f58c041dcd91bacfd8cb5b0ad45c7cc9
SHA256

5949230dbc997f49587f5eb701199426475ed434956cddae4f6683760589a943
SHA512

def745eb18b9c62aab31ef5688a4f8909d5b21da69c7c28c15de3cd9aeea2463792a4275cba9d1a6568bd93e70b3042e3bcb39a69a1a6c8553ec4d901f65ce1d
SSDEEP

6144:SRiQ+u5HAPkbZePJDmlI/+dfkIOwgccXYJcmI3cvHQOFZayUa/nM2:SRiQ+u5HAPk9EUoYJcmym0

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  NEAS.e9f4139f389ce94010707f3d00f7d8b0.exe
- Size
  
  244KB
- MD5
  
  e9f4139f389ce94010707f3d00f7d8b0
- SHA1
  
  b53ca256f58c041dcd91bacfd8cb5b0ad45c7cc9
- SHA256
  
  5949230dbc997f49587f5eb701199426475ed434956cddae4f6683760589a943
- SHA512
  
  def745eb18b9c62aab31ef5688a4f8909d5b21da69c7c28c15de3cd9aeea2463792a4275cba9d1a6568bd93e70b3042e3bcb39a69a1a6c8553ec4d901f65ce1d
- SSDEEP
  
  6144:SRiQ+u5HAPkbZePJDmlI/+dfkIOwgccXYJcmI3cvHQOFZayUa/nM2:SRiQ+u5HAPk9EUoYJcmym0
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence