General
-
Target
NEAS.264562a53454d6813e9146a3d775f030.exe
-
Size
474KB
-
Sample
231113-awz3tsfa29
-
MD5
264562a53454d6813e9146a3d775f030
-
SHA1
31064e9e0a80097df2451cf539fb779db0744ea8
-
SHA256
be25085f83139f9abe486ae9cf799dd7bb3a40d9a2d5ae7ca945f820f32c8973
-
SHA512
9d7546ac1b1884b003191db649f8e7f80271285e263c55a0bd19a59f9bbf6fe53c3631583c7bf783d0d3ee34b9aa721ed5503f2fb512f8894b755eb1120bfef6
-
SSDEEP
6144:pjFRiOcXH6XWD0w1tizmtnktLJ6znvxNcCI+1jDIlnJ9+1aTEPTnOK4JKElv:nRDc3yWDNU+YUznzNjElWaT07NQtv
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.264562a53454d6813e9146a3d775f030.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.264562a53454d6813e9146a3d775f030.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
NEAS.264562a53454d6813e9146a3d775f030.exe
-
Score
10/10
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Sets service image path in registry
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (3)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (3)
Create or Modify System Process (1)
Windows Service (1)