Overview

overview

8

Static

static

3

Neoblox_Bo....8.exe

windows10-2004-x64

8

Neoblox_Bo...er.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    Neoblox_Bootstrapper.zip

  • Size

    115.7MB

  • Sample

    230815-m646racc4y

  • MD5

    96197a1a6feedcd95598409951ea1059

  • SHA1

    0904fc39491f8cc8049c95a67e13d31e19b787e5

  • SHA256

    4ef5ad0d0f391bc4063fec155095dcc72d1822f1286a450eaa017f4d7fb777b4

  • SHA512

    de6d57d030627746375343735dc6400ea3bc489dcb7fa8d4cbaf2820d0688f8df4cf382710d4e423d675f8ad58912ac22dc30e5f4ff5727de431e2e17d1e02d5

  • SSDEEP

    3145728:3WS3yaiTkxhl4th8nM+EjOoScr+IxtXAp+G/:mS3Hi+lE8bEj9ScrJxSl/

Score
8/10
persistencespywarestealer

Malware Config

Targets

    • Target

      Neoblox_Bootstrapper/Prerequisites/Install .NET Framework 4.8.exe

    • Size

      115.7MB

    • MD5

      7d2b599470e34481138444866b7e4ea6

    • SHA1

      e322e2e0fb4c86172c38a97dc6c71982134f0570

    • SHA256

      68c9986a8dcc0214d909aa1f31bee9fb5461bb839edca996a75b08ddffc1483f

    • SHA512

      ffb6c226af4e5c8ffa7210d5115701883abf12a8b1cbae6e08122fb94dd93763468bff5b00060eabef19c147b0a4d8063dde318d2b928ce397c58f7949736c5f

    • SSDEEP

      3145728:DWohcYqvQfTTkfxS9UQqp2+SGvMmnXvW8CG:CohtqITqSTqp/SGvTnmG

    Score
    8/10
    persistencespywarestealer

    • Downloads MZ/PE file

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

    • Target

      Neoblox_Bootstrapper/neobloxBootstrapper.exe

    • Size

      323KB

    • MD5

      07c00a89b882adab59d0b2e6eeac3516

    • SHA1

      05ef4e1c48a3d081bb535b979e0e88a242cfdd48

    • SHA256

      719f686324040140c4d8b03c5a35c4036b2a5535f1ee5aaf50ad79f2367126e2

    • SHA512

      6a98ce5df9a7fbeb910bbea419b22794b7b4cde06f19222e55c1a21642a1e7b0036ae95022006de7ce8eabca78773ec07b01ee6e9d6ef6a6d7b62aebf5e15401

    • SSDEEP

      3072:AsUO2N00bFdFUq6C3IfTprNqHSR3/16dBei:A0rwFdMV7eBe

    Score
    1/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks