General
- Target: 43181faf4b89af5f0bcaf4723d9424c7c723e3489f46286ea0c3b57483dc5b16
- Size: 2.1MB
- Sample: 220707-31elxabdb5
- MD5: 65c47159ad930504229825ef323aecf8
- SHA1: 26974a01d0815a6f5cc63b34527a1a6a91ba2705
- SHA256: 43181faf4b89af5f0bcaf4723d9424c7c723e3489f46286ea0c3b57483dc5b16
- SHA512: d2ccc975b97380f2c3d4fdc0d403f0b150b4e34eedc6b1e3f4d4d1ff773a6bb0d7dcb48cccfd83e8ac06ec2972006da9bc21481cadf02563dcc17cbe89888d77
Static task: static1
Behavioral task: behavioral1
Sample: 43181faf4b89af5f0bcaf4723d9424c7c723e3489f46286ea0c3b57483dc5b16.exe
Resource: win7-20220414-en
Malware Config
Targets
- Target: 43181faf4b89af5f0bcaf4723d9424c7c723e3489f46286ea0c3b57483dc5b16
- Size: 2.1MB
- MD5: 65c47159ad930504229825ef323aecf8
- SHA1: 26974a01d0815a6f5cc63b34527a1a6a91ba2705
- SHA256: 43181faf4b89af5f0bcaf4723d9424c7c723e3489f46286ea0c3b57483dc5b16
- SHA512: d2ccc975b97380f2c3d4fdc0d403f0b150b4e34eedc6b1e3f4d4d1ff773a6bb0d7dcb48cccfd83e8ac06ec2972006da9bc21481cadf02563dcc17cbe89888d77
- Modifies WinLogon for persistence
- Modifies firewall policy service
- suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
- XMRig Miner payload
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Adds Run key to start application
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext