General
-
Target
0261d6eeeb92f6782b02cf6475cd91d0_NEAS
-
Size
153KB
-
Sample
240506-x33tmaae24
-
MD5
0261d6eeeb92f6782b02cf6475cd91d0
-
SHA1
17919c89efbbf7ef5904a09ef96a105d4ec794bf
-
SHA256
f9f7618143f6737b27cde9e9f13ab2d822f23c21633903671566ba89fc5fdfe1
-
SHA512
821984bcc61beda8dd89bd02591cd4a306da81d99f7006559fa018d66bf9a8d0a3d53ce910f71bf848bb1564ae2463f85ecd5723bc1fcf790e89fa7441eddc4e
-
SSDEEP
3072:oZpYg19EeiLLmjempGuCYooEK1JWaCItULG3rt2Wcora4dIM:OPjEl6jLiQ1JW+Oy3p/D
Static task
static1
Behavioral task
behavioral1
Sample
0261d6eeeb92f6782b02cf6475cd91d0_NEAS.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0261d6eeeb92f6782b02cf6475cd91d0_NEAS.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
0261d6eeeb92f6782b02cf6475cd91d0_NEAS
-
Score
7/10
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Pre-OS Boot (1)
Bootkit (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)