General
-
Target
C6BA807010AEC7A25AD106D9BCE0F3B70D9C3D2223E93.exe
-
Size
335KB
-
Sample
211001-z413jadcfq
-
MD5
99cf40f54910d611105302fee1851b7d
-
SHA1
29b9ee192ebf4b587dbfd0d908f6ae74a7b3817d
-
SHA256
c6ba807010aec7a25ad106d9bce0f3b70d9c3d2223e93344cf5fad10ed1eedd3
-
SHA512
037eea6d933f25e71a41d3fb63ca5e2e296e2300d1e5273e93fa40d5c0c76e5aa3334890c4e1ef4c8d9937384d539da94a77ba4ba638eb079d3f559c05f4bd12
Static task
static1
Behavioral task
behavioral1
Sample
C6BA807010AEC7A25AD106D9BCE0F3B70D9C3D2223E93.exe
Resource
win7-en-20210920
Malware Config
Targets
-
Target
C6BA807010AEC7A25AD106D9BCE0F3B70D9C3D2223E93.exe
-
Modifies firewall policy service
-
suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-