General
- Target: CFDI_826271.zip
- Size: 772KB
- Sample: 220713-g9glzaaher
- MD5: 39d18965b64c2d246e47ac6bdca89948
- SHA1: af8a963f9dd8e4533ced74e175aac15397d5bf22
- SHA256: 003d956c79e94020bd1c15c118ed6533a76cc1932ed5c05dd303d3b7564739e3
- SHA512: 253dc2a159e0b08e358a90a5670fd795bcd2f1b5245c049b481c1dbb852d4a9136a685a7536b86dd782e2b176169ccaaaaf36779350cfe2d76175c88993d3b81
Static task: static1
Behavioral task: behavioral1
- Sample: CFDI_826271_53535.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: CFDI_826271_53535.exe
- Size: 894KB
- MD5: f89a4c9d373e3c928bc405d56a496850
- SHA1: de58bf97363c74d83249df1ec2f1e9d62a2101d9
- SHA256: c040a2c32938707e1579fecce89e3c4fa04d019a467f642dd2bb18bab35bf99d
- SHA512: eb02dcd476e67db8ec0d9bfde5698967c657bbc6cb55973445c565cd10999772b8ba18ecacd85c36bb88ac81898a0d34f2509cf6e2a954c890ffc5c07421d514
Signatures
- Modifies firewall policy service
- suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
- Downloads MZ/PE file
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext