Overview

overview

10

Static

static

3

NEAS.b0267...JC.exe

windows7-x64

10

NEAS.b0267...JC.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NEAS.b0267eb7b3a36dc486f1fa0b998d0430_JC.exe

  • Size

    205KB

  • Sample

    231102-gafwdsgb61

  • MD5

    b0267eb7b3a36dc486f1fa0b998d0430

  • SHA1

    bc389d0d47bd1a7b5123b3cf979a214d468c8e3e

  • SHA256

    1d79d314c6911b28d44ae25b2e56c04c945a7a7b0683a433115b03ead1c023c3

  • SHA512

    abdb5c49ee9a1cb5b0be80c280be4c8242d2c411a35beac584a9a3f65b8f75965a504d7a9eab1735937a90c99b1b60da2319102d35039af5dacabeb18c06f397

  • SSDEEP

    3072:pePgCctxGv4QcU9KQ2BBA2waPxhtmollN:lCctxGsWKQ2Bx5xvhN

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      NEAS.b0267eb7b3a36dc486f1fa0b998d0430_JC.exe

    • Size

      205KB

    • MD5

      b0267eb7b3a36dc486f1fa0b998d0430

    • SHA1

      bc389d0d47bd1a7b5123b3cf979a214d468c8e3e

    • SHA256

      1d79d314c6911b28d44ae25b2e56c04c945a7a7b0683a433115b03ead1c023c3

    • SHA512

      abdb5c49ee9a1cb5b0be80c280be4c8242d2c411a35beac584a9a3f65b8f75965a504d7a9eab1735937a90c99b1b60da2319102d35039af5dacabeb18c06f397

    • SSDEEP

      3072:pePgCctxGv4QcU9KQ2BBA2waPxhtmollN:lCctxGsWKQ2Bx5xvhN

    Score
    10/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks