77fc0d70b16414807dc4a21e3ffa4b6b833f749c3c860f7a6e983f9d02dc6b37 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.fa1b03fbe5dcd9cb3ed0546e0baafc70.exe
Size

98KB
Sample

231117-xdvrqacf92
MD5

fa1b03fbe5dcd9cb3ed0546e0baafc70
SHA1

68f39607ef2b2365c09b99cc0501ba1415fe9423
SHA256

77fc0d70b16414807dc4a21e3ffa4b6b833f749c3c860f7a6e983f9d02dc6b37
SHA512

8de11d19a3c1ef62ea05e1f739f3c46ced164696fc2dcec2a0ec6223606d1da582ef580a9abd5b32d0698cef27bd1b3fe4fe2dd889c64b8d0e58e9eabc44bb31
SSDEEP

3072:NubiWgY6SoqgfwaaAH7ExeFKPD375lHzpa1P:NRzbaIExeYr75lHzpaF

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.fa1b03fbe5dcd9cb3ed0546e0baafc70.exe
- Size
  
  98KB
- MD5
  
  fa1b03fbe5dcd9cb3ed0546e0baafc70
- SHA1
  
  68f39607ef2b2365c09b99cc0501ba1415fe9423
- SHA256
  
  77fc0d70b16414807dc4a21e3ffa4b6b833f749c3c860f7a6e983f9d02dc6b37
- SHA512
  
  8de11d19a3c1ef62ea05e1f739f3c46ced164696fc2dcec2a0ec6223606d1da582ef580a9abd5b32d0698cef27bd1b3fe4fe2dd889c64b8d0e58e9eabc44bb31
- SSDEEP
  
  3072:NubiWgY6SoqgfwaaAH7ExeFKPD375lHzpa1P:NRzbaIExeYr75lHzpaF
Score

10^/10

persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2