General
-
Target
NEAS.cbe5aea32527f40ca6d46337fd725260.exe
-
Size
441KB
-
Sample
231112-2jc63sdf23
-
MD5
cbe5aea32527f40ca6d46337fd725260
-
SHA1
fc02623dbb288398ebfd81fb684a074a91086cc4
-
SHA256
ae74600e6aafd30c5dd08ef8ba6dd0e9e4437173695c67a20ab6920b933109df
-
SHA512
97a683bed0891384a18ae090437e21331dc0ac671c555682ba3683b5d1650890f672db669baf147d10c9361eeb3a19a1d37229624bcb0d0bb4db076aad52ece4
-
SSDEEP
6144:nVDW4rhvgSvI2mRDZVQHF7i3ObaLiZQTuIT9JWcuLRsH3y1bh3d3DyNeReF9bFWv:lrmRDc0e3ZQTuITTWRWi1bhEeU9R25
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.cbe5aea32527f40ca6d46337fd725260.exe
Resource
win7-20231023-en
Malware Config
Targets
-
-
Target
NEAS.cbe5aea32527f40ca6d46337fd725260.exe
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)