General

  • Target

    NEAS.98b59ec2fff64cf58ee401a87d7301cf.exe

  • Size

    774KB

  • Sample

    231116-wnc4zsff8v

  • MD5

    98b59ec2fff64cf58ee401a87d7301cf

  • SHA1

    22509f4b24df7845bc1419644e35ccb58c7d695a

  • SHA256

    fcb8e29b3dedb1c9d5e1a3f76c46d1a685b2ce0548b0d26ebe5a284885f7c602

  • SHA512

    4913b4e955fbc5ad69e9da9b6d518eee2dc3b9b77eb7af11569ae880ac152bfd537f50d0a9d4061b6c2c0bfec99d01f04173367315949843c601ebcd7a9803fb

  • SSDEEP

    24576:0er8RRgGEo7NdYzEA52s/nbPWJIpmjvmx:uv977NuzIs/aJIpmqx

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
