General
-
Target
47c4ecd0b8599f6df90b4ae35bd270dc845a2c9a28cb9d3a261e6f105138112c
-
Size
400KB
-
Sample
220714-f9kg7abaf2
-
MD5
642ec6abbe3587317725f444ab6489a7
-
SHA1
63cbc9d13a9e7bf9e4a0e2908cdee40deaaab0f5
-
SHA256
47c4ecd0b8599f6df90b4ae35bd270dc845a2c9a28cb9d3a261e6f105138112c
-
SHA512
3672b47ac0771ad3d212c2e02dc97d12eb6295bc063a745fbf95b43217574974faa400c626c09dfe39d24f3c52aede74df7521dd7d6d4f30dce258342cbaf888
Static task
static1
Behavioral task
behavioral1
Sample
47c4ecd0b8599f6df90b4ae35bd270dc845a2c9a28cb9d3a261e6f105138112c.exe
Resource
win7-20220414-en
Malware Config
Targets
-
Target
47c4ecd0b8599f6df90b4ae35bd270dc845a2c9a28cb9d3a261e6f105138112c
-
Modifies firewall policy service
-
suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-