General
Target: NeptnExternalFree.exe
Size: 3.4MB
Sample: 230324-2nrj9shg89
MD5: bbedbbb87552cceb179e196588684cbc
SHA1: d1b7d2834140f503d7a7b92df30fadece473c29c
SHA256: b30dfb8608adf0c39754145ed1e8e8cf391ef1a5cafeb207bdb53dbfe80a4a08
SHA512: 1e65d28aad644fc791a01eb55d3dc53d6f5c63c5fb5c9e52c96c384b5109499364a0ca433e09383972419b02e53662f15f9d238c4313aeb6842a4057be9429f3
SSDEEP: 98304:i1NGlQS2DA5FlCPfvJj2wmfXWjY9sz985D:i1N+QXAHlohyP/WsA98B
Behavioral task
behavioral1
Sample: NeptnExternalFree.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: NeptnExternalFree.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger