General

Target: NeptnExternalFree.exe
Size: 3.5MB
Sample: 230327-rb5k9afg9z
MD5: c99af5bbdb0b7696677840071616a258
SHA1: e7b768d41758cbf69c5a0c04faea4401059549a5
SHA256: 995ee8dd588a42770bc31ccfd09d7dc6d5b37896f5d8f0ffafe95e3a8aa088bb
SHA512: 56874951847161810250540fb34dd671556a258236078c159c55fb3f1351ae97e817ef23b06ca62f07e73a2fc79baf678f0bc396718e3c3bb21d3842c964fdef
SSDEEP: 98304:5Wi11EuYWF9XDGLjgc0/mBZarnsEpjW18Hf5F1Gt:5Wq3YWbGIc0ggZW0RFc
Behavioral tasks

behavioral1: NeptnExternalFree.exe, resource win7-20230220-en
behavioral2: NeptnExternalFree.exe, resource win10v2004-20230220-en
Malware Config

Targets

Target: NeptnExternalFree.exe
Size: 3.5MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values in the General section above
Score: 9/10

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Sets service image path in registry (the per-service ImagePath value, i.e. the binary the Service Control Manager will start for that service)
- Stops running service(s)
- Checks BIOS information in registry; BIOS information is often read in order to detect sandboxing environments
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique that stops the calling thread from delivering debug events to an attached debugger)
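As an added example (not part of the original sandbox report and not any sandbox vendor's detection code), the following Python reproduces the registry, file and process signatures listed above over a constructed Procmon-style CSV trace, so the hits can be checked against a trace captured in one's own lab. The trace lines, the service name ExampleSvc and the file names are made up for illustration and were not observed from the sample; the network and API-level signatures (PE download, service stop, hosting abuse, NtSetInformationThread) do not appear in a Procmon trace and are deliberately not covered.

```python
import csv
import io
import re

# Constructed Procmon-style CSV trace used to exercise the rules below.
# Every line here is made up for illustration; none is from the sandbox run.
# The service name "ExampleSvc" and the file names are hypothetical.
SAMPLE_TRACE = """\
Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:02.100,NeptnExternalFree.exe,4120,RegOpenKey,HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__,NAME NOT FOUND,Desired Access: Read
10:01:02.101,NeptnExternalFree.exe,4120,RegQueryValue,HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion,SUCCESS,Type: REG_MULTI_SZ
10:01:02.102,NeptnExternalFree.exe,4120,RegQueryValue,HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion,SUCCESS,Type: REG_MULTI_SZ
10:01:03.500,NeptnExternalFree.exe,4120,CreateFile,C:\\Windows\\System32\\drivers\\example.sys,SUCCESS,Desired Access: Generic Write
10:01:03.900,NeptnExternalFree.exe,4120,RegSetValue,HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleSvc\\ImagePath,SUCCESS,Type: REG_EXPAND_SZ
10:01:04.200,NeptnExternalFree.exe,4120,CreateFile,C:\\Users\\Public\\helper.exe,SUCCESS,Desired Access: Generic Write
10:01:04.300,NeptnExternalFree.exe,4120,Process Create,C:\\Users\\Public\\helper.exe,SUCCESS,PID: 4300
10:01:04.400,explorer.exe,1200,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,SUCCESS,Type: REG_SZ
"""

# Registry keys/values the anti-analysis checks read (matched case-insensitively).
# VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI\<table>\VBOX__.
VBOX_ACPI = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_INFO = re.compile(
    r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$",
    re.I,
)
# Per-service ImagePath value: writing it points the Service Control Manager at a new binary.
SERVICE_IMAGEPATH = re.compile(r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I)
SYSTEM32_DIR = re.compile(r"^C:\\Windows\\System32\\", re.I)
REG_READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue"}


def _is_write(detail: str) -> bool:
    """Procmon's CreateFile 'Detail' column lists the requested access rights."""
    return "Generic Write" in detail or "Write Data" in detail


def match_signatures(trace_csv: str, sample: str = "NeptnExternalFree.exe") -> dict:
    """Return {signature name: ['Operation Path', ...]} for events caused by `sample`."""
    hits: dict = {}
    dropped: set = set()  # lower-cased paths the sample has written so far

    def add(name: str, ev: dict) -> None:
        hits.setdefault(name, []).append(f"{ev['Operation']} {ev['Path']}")

    for ev in csv.DictReader(io.StringIO(trace_csv)):
        if ev["Process Name"].lower() != sample.lower():
            continue  # only the sample's own activity; other processes are noise here
        op, path, detail = ev["Operation"], ev["Path"], ev["Detail"]
        # The attempt is the signal: a NAME NOT FOUND result still means the check ran.
        if op in REG_READ_OPS and VBOX_ACPI.search(path):
            add("Identifies VirtualBox via ACPI registry values (likely anti-VM)", ev)
        if op in REG_READ_OPS and BIOS_INFO.search(path):
            add("Checks BIOS information in registry", ev)
        if op == "RegSetValue" and SERVICE_IMAGEPATH.search(path):
            add("Sets service image path in registry", ev)
        if op == "CreateFile" and _is_write(detail):
            dropped.add(path.lower())  # remember drops so later executions can be tied to them
            if SYSTEM32_DIR.search(path):
                add("Drops file in System32 directory", ev)
        if op == "Process Create" and path.lower() in dropped:
            add("Executes dropped EXE", ev)
    return hits


if __name__ == "__main__":
    for name, events in match_signatures(SAMPLE_TRACE).items():
        print(name)
        for e in events:
            print("   ", e)
```

The rules are ordered the way the activity usually unfolds (environment checks first, then drop, then persistence and execution), and "Executes dropped EXE" only fires for a process whose image the sample itself wrote earlier in the same trace, which keeps ordinary child processes such as a spawned cmd.exe from counting as a dropped payload.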