General
- Target: NeptnExternalFree.exe
- Size: 3.5MB
- Sample: 230326-ch9q8afb95
- MD5: 01e8ba61787a19bc8838fe845fdbeec1
- SHA1: 6ee449056214222388c91d147712c035a0e8dec2
- SHA256: 88ca77450527c906fe9d75e2f9f12280fa8dadd02691c15efdb487bd875499a6
- SHA512: 9fbb531764adfb9c6cae4735405d5d302eeb2bed85c028a5e69719b29b18f61f598ef1021bd6bb1ff5c826992b5c84e4c6d547d55b202127ee88ceec666ab6db
- SSDEEP: 49152:yn3wi5r0to7oRoAqcOBLCDjhYCuge31JXigR4Hd20Z3taNxPMb68OX6E8kFWOZR1:yA+YtuvcSyjhjovigRWnZ9MObTOLvf48
Behavioral tasks
- behavioral1: sample NeptnExternalFree.exe, resource win7-20230220-en
- behavioral2: sample NeptnExternalFree.exe, resource win10v2004-20230220-en
Malware Config
(none listed)

Targets
- Target: NeptnExternalFree.exe (3.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Sets service image path in registry
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments: values such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System typically carry the hypervisor vendor string on VirtualBox and VMware guests.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
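As an added illustration of what the signature names in this report correspond to at the API level (this is not the sandbox's own rule engine, and not code from the sample's author): a small Python triage script that maps hooked-API trace lines to those signature names. The trace lines are constructed for the example, not recorded from NeptnExternalFree.exe, and the registry paths are the well-known locations such generic checks touch (HKLM\HARDWARE\ACPI\*\VBOX__, HKLM\HARDWARE\DESCRIPTION\System\*BiosVersion, Services\<name>\ImagePath); the report does not say which values this sample actually read, so those paths are assumptions.

```python
"""Map hooked-API trace lines to the signature names used in the report.

Added illustration only: this is not the sandbox's own rule engine, and the
sample trace below is constructed, not a trace of NeptnExternalFree.exe.
The registry paths are the well-known locations such generic checks touch;
the report does not say which values this sample actually read (assumption).
"""
import re
from collections import defaultdict

# Constructed trace in a simplified "<API name> <first argument>" form.
# The last line is a benign read that should match no rule.
SAMPLE_TRACE = r"""
RegOpenKeyExW HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
RegQueryValueExW HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
NtSetInformationThread ThreadHideFromDebugger
RegSetValueExW HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\ImagePath
ControlService SERVICE_CONTROL_STOP
RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
""".strip()

# (signature name as it appears in the report, pattern over one trace line)
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     # VirtualBox guests expose ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI
     re.compile(r"^Reg\w+\s+HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     # SystemBiosVersion / VideoBiosVersion carry the hypervisor vendor string in a VM
     re.compile(r"^RegQueryValueEx\w?\s+HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion", re.I)),
    ("Sets service image path in registry",
     # writing ImagePath under a service key repoints what the SCM will launch
     re.compile(r"^RegSetValueEx\w?\s+HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath", re.I)),
    ("Stops running service(s)",
     re.compile(r"^ControlService\s+SERVICE_CONTROL_STOP", re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     # ThreadHideFromDebugger stops a debugger from receiving events for the thread
     re.compile(r"^NtSetInformationThread\s+ThreadHideFromDebugger", re.I)),
]


def match_signatures(trace: str) -> dict[str, list[str]]:
    """Return {signature name: [trace lines that triggered it]}."""
    hits: dict[str, list[str]] = defaultdict(list)
    for raw in trace.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                hits[name].append(line)
    return dict(hits)


def triage(trace: str) -> list[str]:
    """Signature names that fired, in RULES order, for a quick verdict line."""
    fired = match_signatures(trace)
    return [name for name, _ in RULES if name in fired]


if __name__ == "__main__":
    for name, lines in match_signatures(SAMPLE_TRACE).items():
        print(f"[{name}]")
        for line in lines:
            print("   ", line)
```

Run it with a real trace by replacing SAMPLE_TRACE with the hooked-API log of the run you want to classify; the benign ProductName read in the constructed trace is there to show that a rule set keyed on the exact hardware and service paths does not fire on ordinary version lookups.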