General
Target: CFDI_826271_26-01-2022.zip
Size: 771KB
Sample: 220713-g9glzaaheq
MD5: 40cfabe26ea0d257173b230c43666dc6
SHA1: ade967270c2549bc2499f0247cf5811bc9168d37
SHA256: ef781682e4a93247b663991423cb28c6c0111c21f80bc5c2c94a6d239808e446
SHA512: b81eca57fa281bafc1fea09cad9edd24319f9e334011add4261ac7545e61d3d18cea36a5f8ea3cf47a4a17861fd95664bbdc063b01f6fbe28534861ae3d9f21c

Static task: static1
Behavioral task: behavioral1
Sample: CFDI_826271_53535.exe
Resource: win7-20220414-en

Malware Config

Targets
Target: CFDI_826271_53535.exe
Size: 894KB
MD5: f89a4c9d373e3c928bc405d56a496850
SHA1: de58bf97363c74d83249df1ec2f1e9d62a2101d9
SHA256: c040a2c32938707e1579fecce89e3c4fa04d019a467f642dd2bb18bab35bf99d
SHA512: eb02dcd476e67db8ec0d9bfde5698967c657bbc6cb55973445c565cd10999772b8ba18ecacd85c36bb88ac81898a0d34f2509cf6e2a954c890ffc5c07421d514

- Modifies firewall policy service
- suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
- Downloads MZ/PE file
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext