f563f2ed5334e86c26aeb3bb1f0517cc02b866988c19bd2a9ae743c33ab1b003 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ba21018e9d8d5a990e9ac1e6ccc268a0.exe
Size

30KB
Sample

231116-kzr7hahc64
MD5

ba21018e9d8d5a990e9ac1e6ccc268a0
SHA1

8f178c9d61cdc51d97aac9ae1545c4e850a8aeac
SHA256

f563f2ed5334e86c26aeb3bb1f0517cc02b866988c19bd2a9ae743c33ab1b003
SHA512

ef93ad9288052f63303abc94c8d1f1a8bff91b74be14493c0554a945728a075a3dc7ecd4feaea1ff875199444baab06646cbd73f153300aaed02a972befd4cf3
SSDEEP

768:qZL/0F24lercjO4sTZg5ZLvn2IuWZ0kqKNPWQHp+:OLsF2Kerc64sTiX2IV0Dhu+

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.ba21018e9d8d5a990e9ac1e6ccc268a0.exe
- Size
  
  30KB
- MD5
  
  ba21018e9d8d5a990e9ac1e6ccc268a0
- SHA1
  
  8f178c9d61cdc51d97aac9ae1545c4e850a8aeac
- SHA256
  
  f563f2ed5334e86c26aeb3bb1f0517cc02b866988c19bd2a9ae743c33ab1b003
- SHA512
  
  ef93ad9288052f63303abc94c8d1f1a8bff91b74be14493c0554a945728a075a3dc7ecd4feaea1ff875199444baab06646cbd73f153300aaed02a972befd4cf3
- SSDEEP
  
  768:qZL/0F24lercjO4sTZg5ZLvn2IuWZ0kqKNPWQHp+:OLsF2Kerc64sTiX2IV0Dhu+
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2