Behavioral task: behavioral1
Sample: NEAS.8fbcdb2612200b98608bf1c201bb7060.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.8fbcdb2612200b98608bf1c201bb7060.exe
Resource: win10v2004-20231020-en
General
Target: NEAS.8fbcdb2612200b98608bf1c201bb7060.exe
Size: 64KB
MD5: 8fbcdb2612200b98608bf1c201bb7060
SHA1: 06cdd158fe2ec9a830f78736db82a34817a921d9
SHA256: 60bbf7ba59373413d71faca4f271a5d8ab9568f4c6d4ab19ef2e9e1314577225
SHA512: b47b3bbeb0773f77ef0197728937f5e1abd65bfbce5baab00cc6f89a3908f9b34ff0c09244ee286cb395975f05dacda5180175fc46c2e963448303105920dad2
SSDEEP: 768:JWHaR+G0WNlJQnnuZfHLudTjjKZKfgm3EhHe:Y8NoELudTHF7Ede
Malware Config
Signatures
Mercurialgrabber family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource NEAS.8fbcdb2612200b98608bf1c201bb7060.exe
Files
NEAS.8fbcdb2612200b98608bf1c201bb7060.exe.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ