General
-
Target
NEAS.f795aa600625f4fcd451f6c36877a100.exe
-
Size
323KB
-
Sample
231112-y9xfvsbe21
-
MD5
f795aa600625f4fcd451f6c36877a100
-
SHA1
fa2e9b314c2991a56b25d878051011b509355208
-
SHA256
9bc3ebd1a66ca4e140be8aeb06a9eb31e600fc7f27efaa564c55fb891fabe6ba
-
SHA512
545e9661b8fc41405a75dc1e2e6b7b285e04fcaa6461ad27501f922374ac7f3ebb2629cfbeece7168a61d66d336dcaae51face426824e59fe2b26d43646cd9bd
-
SSDEEP
6144:hBxeN/Tdx8YzL+4eBDgelLBL9C53TV5n+yNXavM:hBxe9dx8Yz6nhtL9C53TV5n+4av
Malware Config
Targets
-
-
Target
NEAS.f795aa600625f4fcd451f6c36877a100.exe
-
Size
323KB
-
MD5
f795aa600625f4fcd451f6c36877a100
-
SHA1
fa2e9b314c2991a56b25d878051011b509355208
-
SHA256
9bc3ebd1a66ca4e140be8aeb06a9eb31e600fc7f27efaa564c55fb891fabe6ba
-
SHA512
545e9661b8fc41405a75dc1e2e6b7b285e04fcaa6461ad27501f922374ac7f3ebb2629cfbeece7168a61d66d336dcaae51face426824e59fe2b26d43646cd9bd
-
SSDEEP
6144:hBxeN/Tdx8YzL+4eBDgelLBL9C53TV5n+yNXavM:hBxe9dx8Yz6nhtL9C53TV5n+4av
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Disables use of System Restore points
-
Sets file execution options in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
8