General

  • Target

    NEAS.8a4e9c3611272d3e3243b1ed4e004340.exe

  • Size

    88KB

  • Sample

    231102-t9sepabd86

  • MD5

    8a4e9c3611272d3e3243b1ed4e004340

  • SHA1

    0a512e5cea6b770d472913d05615cfd475879a22

  • SHA256

    639b5ac940969ba251d824205418a3053e4017b13e3b69b820e2915f383e5e47

  • SHA512

    d1d016dfcb4940bb83154ff2506eeee82bfed109ff37dcee48345a0074263665ffa8e86b8a530f36e950a8a0e66e6aef4974f24bf40721ec6921230bc333ae62

  • SSDEEP

    1536:ahUDofByDJWbMGcEFLPEPKOJUsy1+VMA:aIofBHbKMP0PvMA

Score
7/10

Targets

    • Target

      NEAS.8a4e9c3611272d3e3243b1ed4e004340.exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
