e2a06169705a62daf3488f928eba68c771d34a2fb12ecd2859000faf063dab76 | Triage

Sharing

General

Target

NEAS.aeb0dd21b984b71d2ee95aebef5ac5d0_JC.exe
Size

344KB
Sample

231105-tk2xtsae24
MD5

aeb0dd21b984b71d2ee95aebef5ac5d0
SHA1

45b7c8836a69ac9829b56823b683a8b75f247dcd
SHA256

e2a06169705a62daf3488f928eba68c771d34a2fb12ecd2859000faf063dab76
SHA512

187b3e4c02c35e369c900e3f2bd3b0f696a9cdbd2ecec33095115b7f667c6a5d7d223a17902260f123d014b324572abf4ec098362e9fd7bb1ab76ddbdd0e6bae
SSDEEP

6144:YQMmbjV28okoS4oE0XAewbTKNypU8CBtVzQ75:YWoioS/AIHk

Score

10^/10

discovery evasion exploit persistence trojan

Malware Config

Targets

- Target
  
  NEAS.aeb0dd21b984b71d2ee95aebef5ac5d0_JC.exe
- Size
  
  344KB
- MD5
  
  aeb0dd21b984b71d2ee95aebef5ac5d0
- SHA1
  
  45b7c8836a69ac9829b56823b683a8b75f247dcd
- SHA256
  
  e2a06169705a62daf3488f928eba68c771d34a2fb12ecd2859000faf063dab76
- SHA512
  
  187b3e4c02c35e369c900e3f2bd3b0f696a9cdbd2ecec33095115b7f667c6a5d7d223a17902260f123d014b324572abf4ec098362e9fd7bb1ab76ddbdd0e6bae
- SSDEEP
  
  6144:YQMmbjV28okoS4oE0XAewbTKNypU8CBtVzQ75:YWoioS/AIHk
Score

10^/10

discovery evasion exploit persistence trojan
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Event Triggered Execution

Change Default File Association

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistencetrojan

behavioral2

discoveryevasionexploitpersistencetrojan