ef2c970a5722d121a2ab6cab00b8d60d68a5ff8428c6d73a1de5a85fb42bf6b5 | Triage

Sharing

General

Target

NEAS.736d6df31b1cfc42580f818558d9cbc0.exe
Size

227KB
Sample

231103-tb268seb4s
MD5

736d6df31b1cfc42580f818558d9cbc0
SHA1

2886bcf715aabb4ec5111e6b55571c400a127fb4
SHA256

ef2c970a5722d121a2ab6cab00b8d60d68a5ff8428c6d73a1de5a85fb42bf6b5
SHA512

0af9e0d7f14a3a161ce59a8f9db29039ef550de9831f10040f11d4393a417917f08199c90850d8a047c245f4a56ee380f46e40c6b472e92ad69cdd110b48dffa
SSDEEP

3072:YsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRmIBk:ZR5IuMQoseGk7RZBGxAycKpSPX2i

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.736d6df31b1cfc42580f818558d9cbc0.exe
- Size
  
  227KB
- MD5
  
  736d6df31b1cfc42580f818558d9cbc0
- SHA1
  
  2886bcf715aabb4ec5111e6b55571c400a127fb4
- SHA256
  
  ef2c970a5722d121a2ab6cab00b8d60d68a5ff8428c6d73a1de5a85fb42bf6b5
- SHA512
  
  0af9e0d7f14a3a161ce59a8f9db29039ef550de9831f10040f11d4393a417917f08199c90850d8a047c245f4a56ee380f46e40c6b472e92ad69cdd110b48dffa
- SSDEEP
  
  3072:YsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRmIBk:ZR5IuMQoseGk7RZBGxAycKpSPX2i
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2