d7e31557e6c6050e4d6e80cd685077cdc8b7fce29fabb95cca83df3063560197 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71abb0ace4f9e84c885a4047096570c0_NEIKI
Size

69KB
Sample

240508-acyqnaae69
MD5

71abb0ace4f9e84c885a4047096570c0
SHA1

2a2b00c9d5f655f563b647265b22a03b92c0b245
SHA256

d7e31557e6c6050e4d6e80cd685077cdc8b7fce29fabb95cca83df3063560197
SHA512

2b91a78c334c1d16fe0b2cf85beb8a991f024884792ca4dadf69a390bbf6f631afb125bdd0b9bde8f04d8be21b8e8f95210965223cf7011be1f71e2c83917f3f
SSDEEP

768:q2i3EJFMjTKQ7KwYSN+OdAV7Nkvqp6jBeFZTFiRdELKU1WRkJl0UFlTDIrBmMmWE:q2EEJFMjve2+kvqqewLy+kzM5BFhK0Tw

Score

10^/10

evasion

Malware Config

Targets

- Target
  
  71abb0ace4f9e84c885a4047096570c0_NEIKI
- Size
  
  69KB
- MD5
  
  71abb0ace4f9e84c885a4047096570c0
- SHA1
  
  2a2b00c9d5f655f563b647265b22a03b92c0b245
- SHA256
  
  d7e31557e6c6050e4d6e80cd685077cdc8b7fce29fabb95cca83df3063560197
- SHA512
  
  2b91a78c334c1d16fe0b2cf85beb8a991f024884792ca4dadf69a390bbf6f631afb125bdd0b9bde8f04d8be21b8e8f95210965223cf7011be1f71e2c83917f3f
- SSDEEP
  
  768:q2i3EJFMjTKQ7KwYSN+OdAV7Nkvqp6jBeFZTFiRdELKU1WRkJl0UFlTDIrBmMmWE:q2EEJFMjve2+kvqqewLy+kzM5BFhK0Tw
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2