General
Target
47310a735e0de0edfbfccfe1c5ef2770_NEAS
Size
128KB
Sample
240507-by65lafd75
MD5
47310a735e0de0edfbfccfe1c5ef2770
SHA1
49279cfe15a1e69bd34b774081661589e26ce60f
SHA256
6bc54f644e46c6fedb705661b4940d89ac3210dcaa37cb4c796a13d708ca207c
SHA512
1975c16c632f1335f815c6688eed89a31020412566e689fe356161813e6c3e9a129e1b33c4fe5564c0e9dd6a9895eaa559c76a6f023ca7c4c39fdd78cc074755
SSDEEP
3072:pE+8OKVuMxgMLQ813qgy0ExYhnMzJkt0lDMKPU:18NcMxdLQ81amJMF7eKs
Static task
static1
Behavioral task
behavioral1
Sample
47310a735e0de0edfbfccfe1c5ef2770_NEAS.dll
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
47310a735e0de0edfbfccfe1c5ef2770_NEAS.dll
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
47310a735e0de0edfbfccfe1c5ef2770_NEAS
Score
8/10
Blocklisted process makes network request
Adds Run key to start application
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Pre-OS Boot (1)
Bootkit (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)