General
-
Target
NEAS.6d56776a0d3b0ae92498cdfa590e8ca0.exe
-
Size
1.7MB
-
Sample
231112-1a43rscb4t
-
MD5
6d56776a0d3b0ae92498cdfa590e8ca0
-
SHA1
23d21c678f6c02b54ab61d6eb20e6e2ff5d47465
-
SHA256
7f21d8dcb9b3613d829ae97526b141b2e4c35cb286a9bdf1a3a1a7e895f03bc9
-
SHA512
521eec1f23769f06698858a43c57d056b3672e6b9b71433073cada9eaf724f0c1f523d324f3583cf29c3f5254495e490eb17eb32b16437a28b84b73a262e6d54
-
SSDEEP
49152:DpPNiqTVoiCVsqSMRrQFTAm4o24TduMpwNRU:NNiqpcsFCrQFEm40vpwQ
Malware Config
Targets
-
-
Target
NEAS.6d56776a0d3b0ae92498cdfa590e8ca0.exe
-
Size
1.7MB
-
MD5
6d56776a0d3b0ae92498cdfa590e8ca0
-
SHA1
23d21c678f6c02b54ab61d6eb20e6e2ff5d47465
-
SHA256
7f21d8dcb9b3613d829ae97526b141b2e4c35cb286a9bdf1a3a1a7e895f03bc9
-
SHA512
521eec1f23769f06698858a43c57d056b3672e6b9b71433073cada9eaf724f0c1f523d324f3583cf29c3f5254495e490eb17eb32b16437a28b84b73a262e6d54
-
SSDEEP
49152:DpPNiqTVoiCVsqSMRrQFTAm4o24TduMpwNRU:NNiqpcsFCrQFEm40vpwQ
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Virtualization/Sandbox Evasion
2