General

  • Target

    NEAS.6fdea922e4bcbea3823198cfc4e3ada0.exe

  • Size

    1.1MB

  • Sample

    231116-pbx53abg76

  • MD5

    6fdea922e4bcbea3823198cfc4e3ada0

  • SHA1

    ccc0777c9c8bd2d23c6aa3bc231edc784d2cb3c9

  • SHA256

    ad67a8fe6205bcb328ffadb558b4ec1f51d892cd3e7a81edd41791f7cdcfd84d

  • SHA512

    8caaf0f40aa6688ff380362043fdcea8a821759aa5a84cf6f0c43a75ade5e2bf0a241053b0afefbf9e92e81e418cfad2cc78d4db8a3c7aedd7c7c05bad6116c5

  • SSDEEP

    24576:onsJ39LyjbJkQFMhmC+6GD9HJYVm43v6jV1:onsHyjtk2MYC5GDwVmNjV1

Score
7/10

Targets

    • Target

      NEAS.6fdea922e4bcbea3823198cfc4e3ada0.exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
