167acfff3691aeece7e33922a13bcb89f83138b9f5b0c4f7b5ebff8d0323f308 | Triage

Sharing

General

Target

8f1919491049c61a1231fbcccc6b0640_NEAS
Size

30KB
Sample

240507-h5px8aed8z
MD5

8f1919491049c61a1231fbcccc6b0640
SHA1

727f5314ed443d253ead9ae0cf01e124b4af27ae
SHA256

167acfff3691aeece7e33922a13bcb89f83138b9f5b0c4f7b5ebff8d0323f308
SHA512

50d851a753baa5b754838dd764d704f6296bcbdd31dfd642cd5d19b1b42fb1c88be17b4c1a4e4e2f70de534c46c76b807980e0aebde01aad03b23d5817bac67b
SSDEEP

384:CV6wM2h3ln/3m0p/Qhlg8dgQBY8hrBpj6480BpLe2MJ0W8xj:Q6K7fJKFiQTrLjdTLTW8xj

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  8f1919491049c61a1231fbcccc6b0640_NEAS
- Size
  
  30KB
- MD5
  
  8f1919491049c61a1231fbcccc6b0640
- SHA1
  
  727f5314ed443d253ead9ae0cf01e124b4af27ae
- SHA256
  
  167acfff3691aeece7e33922a13bcb89f83138b9f5b0c4f7b5ebff8d0323f308
- SHA512
  
  50d851a753baa5b754838dd764d704f6296bcbdd31dfd642cd5d19b1b42fb1c88be17b4c1a4e4e2f70de534c46c76b807980e0aebde01aad03b23d5817bac67b
- SSDEEP
  
  384:CV6wM2h3ln/3m0p/Qhlg8dgQBY8hrBpj6480BpLe2MJ0W8xj:Q6K7fJKFiQTrLjdTLTW8xj
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2