f23f3f065445ff8eb86cddf2197731f12c85735fe2e1d297b6d9be0c3d63fc73 | Triage

Sharing

General

Target

NEAS.5f02dcd25fac3da41676799616b43160.exe
Size

123KB
Sample

231115-hfkbfadf86
MD5

5f02dcd25fac3da41676799616b43160
SHA1

206daf4f00c38de3ed9772159be67e010061509a
SHA256

f23f3f065445ff8eb86cddf2197731f12c85735fe2e1d297b6d9be0c3d63fc73
SHA512

ed2ae629684dd3721e365a47e885ba7c87c9d12d91f845dc24d77717707f94a29f563be59f36b3f041f68808b78fbe1ac83f35d1d75e89125097bfd0d7faec0d
SSDEEP

3072:PfU/WF6QMauSuiWNi9CO+WARJrWNZIYvQd2s:AWKauSuiWNiUBRJrW7fs

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.5f02dcd25fac3da41676799616b43160.exe
- Size
  
  123KB
- MD5
  
  5f02dcd25fac3da41676799616b43160
- SHA1
  
  206daf4f00c38de3ed9772159be67e010061509a
- SHA256
  
  f23f3f065445ff8eb86cddf2197731f12c85735fe2e1d297b6d9be0c3d63fc73
- SHA512
  
  ed2ae629684dd3721e365a47e885ba7c87c9d12d91f845dc24d77717707f94a29f563be59f36b3f041f68808b78fbe1ac83f35d1d75e89125097bfd0d7faec0d
- SSDEEP
  
  3072:PfU/WF6QMauSuiWNi9CO+WARJrWNZIYvQd2s:AWKauSuiWNiUBRJrW7fs
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2