dcf5453a2be04f3ebe45d56e631a9cadb573b27de1ef142ecd958ba8560f0dd0 | Triage

Sharing

General

Target

N3XUS.exe
Size

255KB
Sample

241121-lyfbzsvrbj
MD5

a5c463cb69a24c37d962587706f4df4b
SHA1

634520f698c5ce7df3e51174fe64306b1b0f1bfe
SHA256

dcf5453a2be04f3ebe45d56e631a9cadb573b27de1ef142ecd958ba8560f0dd0
SHA512

92f61d162802401ae7473e235becd580419a57e1cfe99475166717d93de26e51ecbd60bbebbe0b9a6a8fe15bb1c42c9f31676cef37815f040a0c408108c04c2e
SSDEEP

3072:Sz2z1EWSnEvrSmD+l25mFdO4em5guIg+GtfDVVtTzKE:Sz2zBvrSmD/d4z5UlqDVvzKE

Score

7^/10

defense_evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  N3XUS.exe
- Size
  
  255KB
- MD5
  
  a5c463cb69a24c37d962587706f4df4b
- SHA1
  
  634520f698c5ce7df3e51174fe64306b1b0f1bfe
- SHA256
  
  dcf5453a2be04f3ebe45d56e631a9cadb573b27de1ef142ecd958ba8560f0dd0
- SHA512
  
  92f61d162802401ae7473e235becd580419a57e1cfe99475166717d93de26e51ecbd60bbebbe0b9a6a8fe15bb1c42c9f31676cef37815f040a0c408108c04c2e
- SSDEEP
  
  3072:Sz2z1EWSnEvrSmD+l25mFdO4em5guIg+GtfDVVtTzKE:Sz2zBvrSmD/d4z5UlqDVvzKE
Score

7^/10

defense_evasion persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasionpersistenceprivilege_escalation