General
-
Target
424F2F46F0CF4C96C2F8EF8954D1438DB206486353601.exe
-
Size
847KB
-
Sample
211104-3et5gafadl
-
MD5
765edcb9497beb40105bd6e9c4f10a04
-
SHA1
67584c4b84225b73807a950298de37d23065a178
-
SHA256
424f2f46f0cf4c96c2f8ef8954d1438db206486353601425ead011d74c4cb128
-
SHA512
0da3c38d19bc74e25e1e510280f1229cc788bccfb5725cef4823f0f45b6e1954099f9e2238bc6836fcd1d66450c160a0aef5ccfc2e5b87c73bcfedeb588c1c5d
Static task
static1
Behavioral task
behavioral1
Sample
424F2F46F0CF4C96C2F8EF8954D1438DB206486353601.exe
Resource
win7-en-20211014
Malware Config
Targets
-
Target
424F2F46F0CF4C96C2F8EF8954D1438DB206486353601.exe
-
Modifies firewall policy service
-
suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-