General

  • Target

    NEAS.1d216b068ab71ecca2551e8bb57e02d7.exe

  • Size

    19KB

  • Sample

    231104-tegdyacd3v

  • MD5

    1d216b068ab71ecca2551e8bb57e02d7

  • SHA1

    f923383e8c0f472822d92513b8e990140555146b

  • SHA256

    a4ca4ee77ab1f9535276471ed2ac831421648201771920a4c700c7d307eb459e

  • SHA512

    d8c05ac93cd0823acede9deed8e67b13b7fb6a1739c70fe1447c024619a48cc40495fc822e829f34873a4e3bce3a28df80d9ba8e1f5a8ce6b931b7d555bce092

  • SSDEEP

    384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXKN:rRkiLw3HsDSARGG/6N
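The identifiers above are what an analyst uses to confirm that a file on disk is this sample before trusting the rest of the report. The following helper is an added example, not part of the report or of the sandbox's own tooling: it recomputes the four hashes listed in this report (the SSDEEP value is left out because fuzzy hashing needs an external library) and parses the PE section table to apply the same heuristic the "UPX packed file" signature below describes, flagging UPX0/UPX1 section names or a "UPX!" marker. The build_fake_pe function constructs a minimal header-only PE purely so the check can be exercised offline; it is not the sample. A modified UPX that renames sections and strips the marker will not be caught by this heuristic, which is why the report treats such packers separately.

```python
import hashlib
import struct
import sys

# Hashes exactly as listed in the report header for NEAS.1d216b068ab71ecca2551e8bb57e02d7.exe
REPORT_HASHES = {
    "md5": "1d216b068ab71ecca2551e8bb57e02d7",
    "sha1": "f923383e8c0f472822d92513b8e990140555146b",
    "sha256": "a4ca4ee77ab1f9535276471ed2ac831421648201771920a4c700c7d307eb459e",
    "sha512": "d8c05ac93cd0823acede9deed8e67b13b7fb6a1739c70fe1447c024619a48cc4"
              "0495fc822e829f34873a4e3bce3a28df80d9ba8e1f5a8ce6b931b7d555bce092",
}


def hash_bytes(data):
    """Compute every digest the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data, expected=REPORT_HASHES):
    """Per-algorithm True/False: does this file match the report's identifiers?"""
    actual = hash_bytes(data)
    return {alg: actual[alg] == expected[alg] for alg in expected}


def pe_section_names(data):
    """Read section names from the PE section table; raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]      # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]       # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                  # first IMAGE_SECTION_HEADER
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]                # 40-byte headers, 8-byte name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Heuristic behind the 'UPX packed file' signature: UPX* section names or a 'UPX!' marker."""
    upx_sections = any(n.upper().startswith("UPX") for n in pe_section_names(data))
    upx_marker = b"UPX!" in data
    return upx_sections or upx_marker


def build_fake_pe(section_names, tail=b""):
    """Constructed header-only PE for offline testing (assumption: not the report's sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header directly after the DOS stub
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for name in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + sections + tail


def check_file(path):
    """Return (hash match table, UPX verdict) for a file on disk."""
    with open(path, "rb") as fh:
        data = fh.read()
    return matches_report(data), looks_upx_packed(data)


if __name__ == "__main__":
    for p in sys.argv[1:]:
        hashes, packed = check_file(p)
        print(p, "matches report:", all(hashes.values()), "UPX heuristic:", packed)
```

Run it as `python check.py <file>`; a file that matches on all four digests is the sample this report describes, and the UPX verdict is only a hint to unpack (for example with `upx -d`) before static analysis.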

Targets

    • Target

      NEAS.1d216b068ab71ecca2551e8bb57e02d7.exe


    • Windows security bypass

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Modifies WinLogon

    • Drops file in System32 directory
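The signature names above are the sandbox's labels, and the report does not print the exact rule logic behind them. The following classifier is an added example, not the sandbox's code: it maps sandbox-style events to the persistence and file-drop signatures this report raises, using the standard Windows locations those names conventionally refer to (Image File Execution Options Debugger values, the Winlogon Shell/Userinit values, Active Setup Installed Components StubPath values, and writes under System32 and System32\drivers). The event list, file name and GUID are constructed for illustration and are not observations from this sample; the mapping of key paths to signature names is an assumption about what the labels mean, not the sandbox's published rules.

```python
from collections import defaultdict

# Registry locations conventionally behind each signature name (assumption; the report
# does not print its rule logic). Paths are compared case-insensitively after normalisation.
IFEO = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
WINLOGON = "\\microsoft\\windows nt\\currentversion\\winlogon\\"
INSTALLED_COMPONENTS = "\\microsoft\\active setup\\installed components\\"
WINLOGON_VALUES = {"shell", "userinit"}      # classic logon-hijack values
SYSTEM32 = "c:\\windows\\system32\\"
DRIVERS = "c:\\windows\\system32\\drivers\\"

# Constructed sample events, shaped like (kind, target, data). None of these come from the report.
EVENTS = [
    ("reg_set", "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\"
                "Image File Execution Options\\taskmgr.exe\\Debugger",
     "C:\\Windows\\System32\\drivers\\dropped.exe"),
    ("reg_set", "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
     "explorer.exe,C:\\Windows\\System32\\drivers\\dropped.exe"),
    ("reg_set", "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"
                "{00000000-0000-0000-0000-000000000001}\\StubPath",
     "C:\\Windows\\System32\\drivers\\dropped.exe"),
    ("file_write", "C:\\Windows\\System32\\drivers\\dropped.exe", ""),
    ("file_write", "C:\\Windows\\System32\\dropped.dll", ""),
    # Negative control: a plain Run key is persistence too, but it is not one of this report's signatures.
    ("reg_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update",
     "C:\\Users\\user\\update.exe"),
]


def norm(path):
    """Lower-case and use backslashes so prefix checks are robust to sandbox formatting."""
    return path.replace("/", "\\").lower()


def leaf(path):
    """Last path component: the registry value name or the file name."""
    return path.rsplit("\\", 1)[-1]


def classify(events):
    """Map events to the signature names used in the report; returns {signature: [targets]}."""
    hits = defaultdict(list)
    for kind, target, _data in events:
        t = norm(target)
        if kind == "reg_set":
            if IFEO in t and leaf(t) == "debugger":
                hits["Sets file execution options in registry"].append(target)
            elif WINLOGON in t and leaf(t) in WINLOGON_VALUES:
                hits["Modifies WinLogon"].append(target)
            elif INSTALLED_COMPONENTS in t and leaf(t) == "stubpath":
                hits["Modifies Installed Components in the registry"].append(target)
        elif kind == "file_write":
            # The drivers directory sits under System32, so a driver drop raises both signatures.
            if t.startswith(DRIVERS):
                hits["Drops file in Drivers directory"].append(target)
            if t.startswith(SYSTEM32):
                hits["Drops file in System32 directory"].append(target)
    return dict(hits)


if __name__ == "__main__":
    for signature, targets in sorted(classify(EVENTS).items()):
        print(signature)
        for target in targets:
            print("   ", target)
```

The same function can be pointed at exported sandbox events or at a registry diff from a live host to see which of this report's behaviours are present; anything it does not label (like the Run key in the sample events) is simply outside the report's signature set, not benign.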

MITRE ATT&CK Enterprise v15
