General
-
Target
NEAS.01b94eaa99f2e998d7cb882ce673f620_JC.exe
-
Size
216KB
-
Sample
231104-lj8d8agh74
-
MD5
01b94eaa99f2e998d7cb882ce673f620
-
SHA1
5e3a8514ae4ac4232c48f5ce24891cdd96a3133d
-
SHA256
8c407c42ab90e8ccffd55b917c9b7bae3210de515519ded70f1d7df3fe6784db
-
SHA512
69f1457a6919a7496c95fdee93b5061e2fb85a1a5f730041bf51a04f6db00409381230a86ee0cbfc1c36352717e50198ae8aa994970f2857b5f9f16f756f132d
-
SSDEEP
6144:pDn0J/fNQ4bc3wT994Th6rC2dzT/Y7BNandXg:hefN3o3wT994Th6rC2dI7radQ
Malware Config
Targets
-
-
Target
NEAS.01b94eaa99f2e998d7cb882ce673f620_JC.exe
-
Size
216KB
-
MD5
01b94eaa99f2e998d7cb882ce673f620
-
SHA1
5e3a8514ae4ac4232c48f5ce24891cdd96a3133d
-
SHA256
8c407c42ab90e8ccffd55b917c9b7bae3210de515519ded70f1d7df3fe6784db
-
SHA512
69f1457a6919a7496c95fdee93b5061e2fb85a1a5f730041bf51a04f6db00409381230a86ee0cbfc1c36352717e50198ae8aa994970f2857b5f9f16f756f132d
-
SSDEEP
6144:pDn0J/fNQ4bc3wT994Th6rC2dzT/Y7BNandXg:hefN3o3wT994Th6rC2dI7radQ
Score10/10-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables use of System Restore points
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
4