497c868ed60ac4983b1e3e7c1a92bbf270b6a481315acda06bfed002fa6ac1d4 | Triage

Sharing

General

Target

NEAS.e5e4054e4f4268a21dd172ab7837e450_JC.exe
Size

812KB
Sample

231101-zctjdada2x
MD5

e5e4054e4f4268a21dd172ab7837e450
SHA1

f63e44b9fae0161717527b47161e597fb53f1f00
SHA256

497c868ed60ac4983b1e3e7c1a92bbf270b6a481315acda06bfed002fa6ac1d4
SHA512

19a26554df704120096ecbfd47098fd13439ed283f224f9fc12807a06ca258289c66f9cbd975f047ff8b32b403dc2e077ef9c86e5a3c4e4237f4127b5e810da0
SSDEEP

12288:wBbMjdsHaoe/f8zVa6YbXDx1Ec2O5IciBGqxWMsBG7:wNMjOaoe/UzI6YbXLP2O5IcitkXU

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.e5e4054e4f4268a21dd172ab7837e450_JC.exe
- Size
  
  812KB
- MD5
  
  e5e4054e4f4268a21dd172ab7837e450
- SHA1
  
  f63e44b9fae0161717527b47161e597fb53f1f00
- SHA256
  
  497c868ed60ac4983b1e3e7c1a92bbf270b6a481315acda06bfed002fa6ac1d4
- SHA512
  
  19a26554df704120096ecbfd47098fd13439ed283f224f9fc12807a06ca258289c66f9cbd975f047ff8b32b403dc2e077ef9c86e5a3c4e4237f4127b5e810da0
- SSDEEP
  
  12288:wBbMjdsHaoe/f8zVa6YbXDx1Ec2O5IciBGqxWMsBG7:wNMjOaoe/UzI6YbXLP2O5IcitkXU
Score

7^/10

persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2