General

  • Target

    NEAS.f8c431385b26359e8a88ae72b0812650_JC.exe

  • Size

    257KB

  • Sample

    231102-z1573sfg6t

  • MD5

    f8c431385b26359e8a88ae72b0812650

  • SHA1

    a6a2aae10c4c5dc8572b2657bfa167c158f927f0

  • SHA256

    8ae56fd12244d0c8403a76405f898afc276e0e4ebcbc3bfce7e9994f2bbcc2ff

  • SHA512

    eff6fda763f2adad93329cddd92ca01222f195f10f73d09f5fd3459655646372219580ee266b5d8b790ea25ab8a5dd9045ef619cff36d9b3c600b5942e6c61fe

  • SSDEEP

    6144:Lottw6sbF2RaA1B+BwXj+G0ZRGP1dJiGNmOdT2GusIKpvVAOv/5T3Eoj7FAqibO/:cRsbFaL1BDpZj

Score
7/10

Targets

    • Target

      NEAS.f8c431385b26359e8a88ae72b0812650_JC.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
