d7a1ea2715823fc0b0e060d5d70d3452336ebd3cec732502c4751bc853acbeec | Triage

Sharing

General

Target

NEAS.6d13441dbcc0eb39c8579143bf1b23e0.exe
Size

168KB
Sample

231107-d4318scd36
MD5

6d13441dbcc0eb39c8579143bf1b23e0
SHA1

e33af0fa2a43383e80ef9f273456ed6877263151
SHA256

d7a1ea2715823fc0b0e060d5d70d3452336ebd3cec732502c4751bc853acbeec
SHA512

7c8f6d262506d44b3f5d292db116a8ad84f9745092a1a35e47c0a84487f0e8ecfbab4961ff5bb180227e2dd458bbfe1d4b5dddec29efac423c28db84d541ddf3
SSDEEP

3072:4XTTASJKf2n5AxE2NpxOa2XdU2QF4s5XgIDFyHb8kHofL/09rG:4vASJKenie2xT2NU2OTFQb8Fb0I

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.6d13441dbcc0eb39c8579143bf1b23e0.exe
- Size
  
  168KB
- MD5
  
  6d13441dbcc0eb39c8579143bf1b23e0
- SHA1
  
  e33af0fa2a43383e80ef9f273456ed6877263151
- SHA256
  
  d7a1ea2715823fc0b0e060d5d70d3452336ebd3cec732502c4751bc853acbeec
- SHA512
  
  7c8f6d262506d44b3f5d292db116a8ad84f9745092a1a35e47c0a84487f0e8ecfbab4961ff5bb180227e2dd458bbfe1d4b5dddec29efac423c28db84d541ddf3
- SSDEEP
  
  3072:4XTTASJKf2n5AxE2NpxOa2XdU2QF4s5XgIDFyHb8kHofL/09rG:4vASJKenie2xT2NU2OTFQb8Fb0I
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2