General
Target: 458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a
Size: 676KB
Sample: 220707-nt3mtsffan
MD5: 8d2bedd39ea94e7fc099b5bf489eb37a
SHA1: fa80956af1e01ef7c0ab1bd984a3da58af64b8a8
SHA256: 458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a
SHA512: c9cc02ef277910b51b36505a47d93feeac8d5fbb31c766df547a460c120e0d88863d28a134a423540f96e41066f8f8558b5b2401163c272db892709c8951202a
Static task
static1
Behavioral task
behavioral1
Sample
458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Modifies firewall policy service
-
suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-