General

  • Target

    5ce05fedd47158f7269e205aae5ce150_NEAS

  • Size

    187KB

  • Sample

    240507-d5slwsgc8w

  • MD5

    5ce05fedd47158f7269e205aae5ce150

  • SHA1

    cf2d4b335c3f16beb3acc54e9e7592ebafcb1b2c

  • SHA256

    85fd4b0b303b2ff58ff72f6face0fcaf5c0dd506356cb6502c0d540784d6cdad

  • SHA512

    a9d1daa0b5dbae6cd548484d3c10ef500aaa1db6dc0f4e38baf94d8ceff7c0f134e2a2a12d72997a226185214da9438ad3556d9cfd1d4d46b06b43f18e159a73

  • SSDEEP

    3072:gjbLl/gvQoutxMlqsmQKGkbxS7i/AFCoL9ibmz0nqM2yd9ElgQcxl6XQQ:gjluQoSxMlqjGU6CoLki0nqM2yElgHfK

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
