MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d759e1a22e9409de973cc5040093aff85d02303712fe10283b7baff63de9f73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Neurevt

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	3d759e1a22e9409de973cc5040093aff85d02303712fe10283b7baff63de9f73
SHA3-384 hash:	b61dafdd7ceeb4d630c23a3756c803d8f7c1e0de3d48c605fe0fb0369a8d8fefb6c8d8be3932091ac51a0371a2e489a4
SHA1 hash:	3fcce36fedb3c9ef01da0b6caf54f2c04d919e71
MD5 hash:	34297552a18275ab7f2b8b7a41e4c7a0
humanhash:	ten-mike-six-cardinal
File name:	URGENT ORDER 05020012.pif
Download:	download sample
Signature	Neurevt Create hunting rule
File size:	90'112 bytes
First seen:	2020-05-13 06:04:49 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0224bd0ebafba1423237c463c09d7fef (1 x Neurevt)
ssdeep	768:SfPL0KfVVw7wNCjmWeIHb35OlsBDQcSEyryP1ACr5uAoopgkmLgrh3:ZKfE2CjIw5OeBERg5b/
Threatray	183 similar samples on MalwareBazaar
TLSH	5B932B1BF2948866D3824BB59B2C8FEA525BEE702551CD0336C43A7D0F3FA45627123B
Reporter	abuse_ch
Tags:	GuLoader Neurevt pif

abuse_ch

Malspam distributing Neurevt:

HELO: mail.kaiwin.com.cn
Sending IP: 116.6.85.218
From: Juzer Chaklasi<sales@imailtoolsbulk.top>
Subject: RFQ RCRMPR-05012-20
Attachment: URGENT ORDER 05020012.rar (contains "URGENT ORDER 05020012.pif")

GuLoader pushing Neurevt

GuLoader payload URL:
http://ratamodu.ga/~zadmin/iclient/apsbb_WdTVX27.bin

Neurevt C2:
http://egamcorps.ga/~zadmin/beta/aps/logout.php

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Generic-7788440-0

Win.Trojan.Generic-7789322-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-05-13 07:51:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

23 of 31 (74.19%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=hv2z4grc5faj32ltzrieacj276c5aiydoex6caudw65p6y66t5zq._file

Verdict:

malicious

Label(s):

guloader

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/201109-svnr7y6bpx/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Checks QEMU agent state file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Neurevt

rar 322ba0c60e88da49459899332d416916702b5ec498be80f3a47d84152f18bb16

Neurevt

exe 3d759e1a22e9409de973cc5040093aff85d02303712fe10283b7baff63de9f73

(this sample)

Dropped by

MD5 02394103617f91df80b1923143cf9ac6

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 322ba0c60e88da49459899332d416916702b5ec498be80f3a47d84152f18bb16

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample