3b183043b09e989dc505572a41e63e8a32b430508a054892cc83a897c1107385 | Triage

Sharing

General

Target

NEAS.841afb5b9f31fdb03deb4ea4ea092720.exe
Size

7.9MB
Sample

231111-pz1absgb89
MD5

841afb5b9f31fdb03deb4ea4ea092720
SHA1

d6965bf9f26b26b7ffcb8eb00e59dabf07f838c3
SHA256

3b183043b09e989dc505572a41e63e8a32b430508a054892cc83a897c1107385
SHA512

1a2383094dcb6e1ad73fbbcffde92bea435737caf6c722e5671d6f1dce10fb6f0f36cb2da90a744b6628f7c6683e62950fa3f34c0b8d58138277552007e1a7b4
SSDEEP

196608:8Aazg7DSmAazg7DSmAazg7DSmAazg7DSN:mg7usg7usg7usg7uN

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.841afb5b9f31fdb03deb4ea4ea092720.exe
- Size
  
  7.9MB
- MD5
  
  841afb5b9f31fdb03deb4ea4ea092720
- SHA1
  
  d6965bf9f26b26b7ffcb8eb00e59dabf07f838c3
- SHA256
  
  3b183043b09e989dc505572a41e63e8a32b430508a054892cc83a897c1107385
- SHA512
  
  1a2383094dcb6e1ad73fbbcffde92bea435737caf6c722e5671d6f1dce10fb6f0f36cb2da90a744b6628f7c6683e62950fa3f34c0b8d58138277552007e1a7b4
- SSDEEP
  
  196608:8Aazg7DSmAazg7DSmAazg7DSmAazg7DSN:mg7usg7usg7usg7uN
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2