cbfa80497f1cc842ef4f42601b9827b65b3d4c413eb9f967cb96b6f9d3f81252 | Triage

Sharing

General

Target

37c1379596c08f49ca728973d2b42b30_NEIKI
Size

38KB
Sample

240508-yzmhxadd2w
MD5

37c1379596c08f49ca728973d2b42b30
SHA1

bb24ee5d6e09b4a1e86070c461851abf22bce7be
SHA256

cbfa80497f1cc842ef4f42601b9827b65b3d4c413eb9f967cb96b6f9d3f81252
SHA512

0ad15f7084c9af8a88c62d4b634438dcce73c4659c307bd407cb1e0587d264c32f0f9eabd7492a769404576980a7e1e1ccc71d4b56e34485f4669e3e585d61ec
SSDEEP

768:fZjIoksdZlOvrA9DvsLKDrnuIeQTls5SQ48NPKQHDFw/Bh2+aBrP:RjwsdXOvrA9DvsLKfuIbBskQ4nsFwSrP

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  37c1379596c08f49ca728973d2b42b30_NEIKI
- Size
  
  38KB
- MD5
  
  37c1379596c08f49ca728973d2b42b30
- SHA1
  
  bb24ee5d6e09b4a1e86070c461851abf22bce7be
- SHA256
  
  cbfa80497f1cc842ef4f42601b9827b65b3d4c413eb9f967cb96b6f9d3f81252
- SHA512
  
  0ad15f7084c9af8a88c62d4b634438dcce73c4659c307bd407cb1e0587d264c32f0f9eabd7492a769404576980a7e1e1ccc71d4b56e34485f4669e3e585d61ec
- SSDEEP
  
  768:fZjIoksdZlOvrA9DvsLKDrnuIeQTls5SQ48NPKQHDFw/Bh2+aBrP:RjwsdXOvrA9DvsLKfuIbBskQ4nsFwSrP
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2