General
-
Target
installer_NEAS.exe
-
Size
2.7MB
-
Sample
240506-v21xjafa29
-
MD5
c29c49f54236b95c5f6228af66c651c5
-
SHA1
92c2a13c39757b0b656b44e0d1bc55e98ed5cc00
-
SHA256
0218dd62759681af9aa77bfbd8f43af8de695b7426bb74aecdcd9f25ee53f3da
-
SHA512
4fd926d42951e3e29a9d7a78b787567d86a5ae01a5bdcbf56058dc61a86d71d6b7bf4254a6136e9844cf2530f1a9bb5f645b40e804cc1cc2602d89bf193a505d
-
SSDEEP
49152:P9eUwdL4wRqh7YqAVpymthcNRhuvo5NMAN7q4HmfT5RhJRr0UUK81Ezw6HdPd5ik:85zgSt+svYNMAN7jOhJRDrwId
Behavioral task
behavioral1
Sample
installer_NEAS.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
oct3m.top
oct3e.top
Targets
-
-
Target
installer_NEAS.exe
-
Size
2.7MB
-
MD5
c29c49f54236b95c5f6228af66c651c5
-
SHA1
92c2a13c39757b0b656b44e0d1bc55e98ed5cc00
-
SHA256
0218dd62759681af9aa77bfbd8f43af8de695b7426bb74aecdcd9f25ee53f3da
-
SHA512
4fd926d42951e3e29a9d7a78b787567d86a5ae01a5bdcbf56058dc61a86d71d6b7bf4254a6136e9844cf2530f1a9bb5f645b40e804cc1cc2602d89bf193a505d
-
SSDEEP
49152:P9eUwdL4wRqh7YqAVpymthcNRhuvo5NMAN7q4HmfT5RhJRr0UUK81Ezw6HdPd5ik:85zgSt+svYNMAN7jOhJRDrwId
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-