General
-
Target
053e024947a8103550e2250b51a61f65eb0a7f9a99c9c1783d5fd86ecde1d786
-
Size
613KB
-
Sample
220713-hdgsjaead9
-
MD5
25809fc57cbbfdbc64b4c5d4e17d1d06
-
SHA1
0415083490d597fc23ddc7c6e5163ad51ee60213
-
SHA256
053e024947a8103550e2250b51a61f65eb0a7f9a99c9c1783d5fd86ecde1d786
-
SHA512
a078e118303ff225c7526a844e8b0984362e7f764a473fd3599781c432280f5ef6b00eaf6c8ed2dd08bde115e66f675795a0f6769a51fbfe1a0a5e14e3f4509a
Behavioral task
behavioral1
Sample
053e024947a8103550e2250b51a61f65eb0a7f9a99c9c1783d5fd86ecde1d786.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
053e024947a8103550e2250b51a61f65eb0a7f9a99c9c1783d5fd86ecde1d786.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Modifies firewall policy service
-
Modifies security service
-
suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
-
Disables taskbar notifications via registry modification
-
Disables use of System Restore points
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets file execution options in registry
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-