General

  • Target

    NEAS.d98adb3be96a8ac4ccbbf617eaee5f50.exe

  • Size

    261KB

  • Sample

    231107-vnxb7acc5t

  • MD5

    d98adb3be96a8ac4ccbbf617eaee5f50

  • SHA1

    11dfb758cecb396dde8cb7b713d4053ba1d41685

  • SHA256

    24fc428dfc6fe114f50cd2d648c72294b7b627f83ebb285938279ba8f8406f29

  • SHA512

    2e1df0809242357bb89c3b9640ed82bc55de7e999b14f8a5b7b7975fdc6307f12174e2c477539c07b8f96dfc887ecc1925a14038fcd727e0fcae746c08ebc23b

  • SSDEEP

    3072:mePgCctxGv4QcU9KQ2BBA2waPxhtmolu1CWN29/SAJyja:CCctxGsWKQ2Bx5xv61RN29SAAa

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      NEAS.d98adb3be96a8ac4ccbbf617eaee5f50.exe

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks