General

  • Target

    NEAS.6d56776a0d3b0ae92498cdfa590e8ca0.exe

  • Size

    1.7MB

  • Sample

    231112-1a43rscb4t

  • MD5

    6d56776a0d3b0ae92498cdfa590e8ca0

  • SHA1

    23d21c678f6c02b54ab61d6eb20e6e2ff5d47465

  • SHA256

    7f21d8dcb9b3613d829ae97526b141b2e4c35cb286a9bdf1a3a1a7e895f03bc9

  • SHA512

    521eec1f23769f06698858a43c57d056b3672e6b9b71433073cada9eaf724f0c1f523d324f3583cf29c3f5254495e490eb17eb32b16437a28b84b73a262e6d54

  • SSDEEP

    49152:DpPNiqTVoiCVsqSMRrQFTAm4o24TduMpwNRU:NNiqpcsFCrQFEm40vpwQ

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks