1c035c7ab20c82f6d9d13d21f279da1f839e0db600bd8935524466f4c0591037 | Triage

Sharing

General

Target

dfc1d7cf8d79b9d0cf84d9e1ffdc4530_NEIKI
Size

4.9MB
Sample

240508-fytaysfc39
MD5

dfc1d7cf8d79b9d0cf84d9e1ffdc4530
SHA1

d0bf261762c87dcbba86aa47b9d11a0bb9a5f41b
SHA256

1c035c7ab20c82f6d9d13d21f279da1f839e0db600bd8935524466f4c0591037
SHA512

0bef9d680a83d0c2cb440c27955a4441eb11a2584abaf58a040fc5bbb6ad95d6d05b7f53046f9c7a6759c9751900b4ea3ef291a370ff76a200844af08775d919
SSDEEP

98304:YKIkiKIkdd/yzt67OU7apyKIkdd/yzt67OU7apyKIkd:8PYazg7DSmYazg7DSmq

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  dfc1d7cf8d79b9d0cf84d9e1ffdc4530_NEIKI
- Size
  
  4.9MB
- MD5
  
  dfc1d7cf8d79b9d0cf84d9e1ffdc4530
- SHA1
  
  d0bf261762c87dcbba86aa47b9d11a0bb9a5f41b
- SHA256
  
  1c035c7ab20c82f6d9d13d21f279da1f839e0db600bd8935524466f4c0591037
- SHA512
  
  0bef9d680a83d0c2cb440c27955a4441eb11a2584abaf58a040fc5bbb6ad95d6d05b7f53046f9c7a6759c9751900b4ea3ef291a370ff76a200844af08775d919
- SSDEEP
  
  98304:YKIkiKIkdd/yzt67OU7apyKIkdd/yzt67OU7apyKIkd:8PYazg7DSmYazg7DSmq
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2