0294aa8670f06445d963a77147c98753bc9160b5da0cf27cc88f9f80ab08897e | Triage

Sharing

General

Target

NEAS.52e6873faed9c27983bb4ed9ed6a9e50.exe
Size

92KB
Sample

231103-ql1jlsdc84
MD5

52e6873faed9c27983bb4ed9ed6a9e50
SHA1

6cbc68c018cfbbcbf2ece8063eefb665ad8d001b
SHA256

0294aa8670f06445d963a77147c98753bc9160b5da0cf27cc88f9f80ab08897e
SHA512

f1a1ec0283802b039945ce1f44df1a100b3f5155156c0fc79088f14617ec12929a161d41c6e900790b2fb31d27bda149c40fa5eca79d9c61c388618a054bf3f2
SSDEEP

768:eweJK9nvPCasW0QWH8cnW0ecO7fchJh51cTDge1VY/q45C2T1G+mt5QDbn0Pb:ew68cn3ZeMaauCDbn0z

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  NEAS.52e6873faed9c27983bb4ed9ed6a9e50.exe
- Size
  
  92KB
- MD5
  
  52e6873faed9c27983bb4ed9ed6a9e50
- SHA1
  
  6cbc68c018cfbbcbf2ece8063eefb665ad8d001b
- SHA256
  
  0294aa8670f06445d963a77147c98753bc9160b5da0cf27cc88f9f80ab08897e
- SHA512
  
  f1a1ec0283802b039945ce1f44df1a100b3f5155156c0fc79088f14617ec12929a161d41c6e900790b2fb31d27bda149c40fa5eca79d9c61c388618a054bf3f2
- SSDEEP
  
  768:eweJK9nvPCasW0QWH8cnW0ecO7fchJh51cTDge1VY/q45C2T1G+mt5QDbn0Pb:ew68cn3ZeMaauCDbn0z
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence