96f193b9ab2b7a6e3017b80489583486458727d9be86c302669afb2b1972328c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cef0c022ffacd0df644fa31a5aa2bd60.exe
Size

45KB
Sample

231107-g12wjseb84
MD5

cef0c022ffacd0df644fa31a5aa2bd60
SHA1

6e2d4a744b29ad298e3a17e7040253d4dddf220e
SHA256

96f193b9ab2b7a6e3017b80489583486458727d9be86c302669afb2b1972328c
SHA512

06f66c38426d7f8ba2e214a6c973ac1b39c90bbe4156ea5dc22d4279ccdb4564609bd6ae969f6340f289e82b438bafdf4a23b7e6bb3ec014c0926dc2384ce48d
SSDEEP

384:u2T+/jvJ7+gFrJk04OMcYyOVJ9KRqnGTq/yX9k7uaaTiOmCdIniQG61COIV3NhW2:BOZ+gr36q1y/youIMdIniQG61tIVTB

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  NEAS.cef0c022ffacd0df644fa31a5aa2bd60.exe
- Size
  
  45KB
- MD5
  
  cef0c022ffacd0df644fa31a5aa2bd60
- SHA1
  
  6e2d4a744b29ad298e3a17e7040253d4dddf220e
- SHA256
  
  96f193b9ab2b7a6e3017b80489583486458727d9be86c302669afb2b1972328c
- SHA512
  
  06f66c38426d7f8ba2e214a6c973ac1b39c90bbe4156ea5dc22d4279ccdb4564609bd6ae969f6340f289e82b438bafdf4a23b7e6bb3ec014c0926dc2384ce48d
- SSDEEP
  
  384:u2T+/jvJ7+gFrJk04OMcYyOVJ9KRqnGTq/yX9k7uaaTiOmCdIniQG61COIV3NhW2:BOZ+gr36q1y/youIMdIniQG61tIVTB
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2