General
-
Target
NEAS.c8737951d2e9ac077d43eebdd39c3478.exe
-
Size
3.0MB
-
Sample
231111-nljvrafc95
-
MD5
c8737951d2e9ac077d43eebdd39c3478
-
SHA1
44705a4a8f9c3505ceb71af732ad07a2cacf83e1
-
SHA256
a1411c865a283d977f2e66575d4a873a1025d8f45eb22913a08e20bb692bb0f3
-
SHA512
5b5c3ba8dc028038e9ac70f711ff3d14eeac9352a3178ad2890b2a022b5eb5b05a89bcbc8ef9de518e52f8c56d4a286508698d98bcfdebfcfd500f4623395ec4
-
SSDEEP
49152:g6FO2Q48JbTC+xKCnFnQXBbrtgb/iQvu0UHOagh:3Q48J6+xvWbrtUTrUHO7
Malware Config
Targets
-
-
Target
NEAS.c8737951d2e9ac077d43eebdd39c3478.exe
-
Size
3.0MB
-
MD5
c8737951d2e9ac077d43eebdd39c3478
-
SHA1
44705a4a8f9c3505ceb71af732ad07a2cacf83e1
-
SHA256
a1411c865a283d977f2e66575d4a873a1025d8f45eb22913a08e20bb692bb0f3
-
SHA512
5b5c3ba8dc028038e9ac70f711ff3d14eeac9352a3178ad2890b2a022b5eb5b05a89bcbc8ef9de518e52f8c56d4a286508698d98bcfdebfcfd500f4623395ec4
-
SSDEEP
49152:g6FO2Q48JbTC+xKCnFnQXBbrtgb/iQvu0UHOagh:3Q48J6+xvWbrtUTrUHO7
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1