General

  • Target

    9e8966dea719955efc303642c75f7f62.exe

  • Size

    440KB

  • Sample

    200908-2jd9hhglya

  • MD5

    9e8966dea719955efc303642c75f7f62

  • SHA1

    f99f5dc22b2ff9fe4caa7fa6db5c742590ea5a72

  • SHA256

    959621ed5f48dbbefe1c0e0e0a87bba88bc7a6b39cd1e10af930e1b969de9f97

  • SHA512

    cb655036ad436e84cd4582baf25fe2298dc0b40cecf2fc8e52e7f67b56b21d01323e611e3eabcab23fac7286854a0040323e57e4fba7d1c8e5434505fe873b75

Malware Config

Targets

    • Target

      9e8966dea719955efc303642c75f7f62.exe

    • BetaBot

      Beta Bot is a Trojan that disables antivirus and other security software on the hosts it infects.

    • Modifies firewall policy service

      Writes to the Windows Firewall policy keys of the SharedAccess service (HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy), typically to add an exception for itself or to turn the firewall off.

    • Sets file execution options in registry

      Image File Execution Options (IFEO), under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. A Debugger value under a process name redirects every launch of that executable, a common way to keep security tools from starting.

    • Checks BIOS information in registry

      BIOS strings (for example SystemBiosVersion, VideoBiosVersion and the values under HKLM\HARDWARE\DESCRIPTION\System\BIOS) are often read to detect hypervisors and sandbox environments by their vendor names.

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence via a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

    • Checks whether UAC is enabled

      Typically read from the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class, an anti-debugging technique that stops the thread from delivering debug events to an attached debugger.
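The "Checks BIOS information in registry" behaviour above is a generic VM/sandbox fingerprint, and the same check is useful from the other side when validating that an analysis VM does not leak its hypervisor. The following is an added example written for this page, not code from the sample or from the sandbox that produced the report. The registry value names are the ones Windows populates for BIOS data; the list of hypervisor marker strings and the two sets of registry values (a VirtualBox guest and a physical laptop) are constructed for illustration.

```python
"""Added example: the hypervisor/sandbox fingerprint behind the
"Checks BIOS information in registry" behaviour, generalised to the
BIOS values a sample usually reads.  Marker list and sample data are
assumptions, not taken from the analysed executable."""

# Registry locations Windows populates with firmware strings.
BIOS_KEYS = {
    r"HKLM\HARDWARE\DESCRIPTION\System": (
        "SystemBiosVersion", "VideoBiosVersion"),          # REG_MULTI_SZ
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": (
        "SystemManufacturer", "SystemProductName",
        "BIOSVendor", "BIOSVersion"),                       # REG_SZ
}

# Substrings that give away common hypervisors and sandboxes (assumed list).
VM_MARKERS = (
    "vmware", "virtualbox", "vbox", "innotek", "qemu", "bochs", "xen",
    "parallels", "hyper-v", "virtual machine", "kvm", "seabios",
)


def vm_markers_in(values):
    """Return (key, value_name, marker) for every BIOS string that contains a
    hypervisor marker.  `values` maps registry key -> {value name: data};
    data is a str or, for REG_MULTI_SZ, a list of str.  Case-insensitive."""
    hits = []
    for key, names in BIOS_KEYS.items():
        for name in names:
            data = values.get(key, {}).get(name)
            if data is None:
                continue
            parts = data if isinstance(data, list) else [data]
            blob = " ".join(str(p) for p in parts).lower()
            for marker in VM_MARKERS:
                if marker in blob:
                    hits.append((key, name, marker))
    return hits


def looks_like_sandbox(values):
    """True when at least one BIOS string matches a hypervisor marker."""
    return bool(vm_markers_in(values))


def read_live_bios_values():
    """On Windows, read the real values with winreg; elsewhere return None."""
    try:
        import winreg
    except ImportError:
        return None
    out = {}
    for key, names in BIOS_KEYS.items():
        subkey = key.split("\\", 1)[1]           # strip the HKLM\ prefix
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as h:
                out[key] = {}
                for name in names:
                    try:
                        out[key][name] = winreg.QueryValueEx(h, name)[0]
                    except FileNotFoundError:
                        pass
        except OSError:
            continue
    return out


# Constructed sample data: a stock VirtualBox guest and a physical laptop.
VBOX_GUEST = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1", "innotek GmbH"],
        "VideoBiosVersion": ["Oracle VM VirtualBox VBE Adapter"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
    },
}
PHYSICAL_HOST = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["LENOVO - 1", "N2HET52W (1.35 )"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "LENOVO",
        "SystemProductName": "20QD0025US",
    },
}

if __name__ == "__main__":
    for label, vals in (("vbox guest", VBOX_GUEST),
                        ("physical host", PHYSICAL_HOST),
                        ("this machine", read_live_bios_values())):
        if vals is not None:
            verdict = "sandbox-like" if looks_like_sandbox(vals) else "clean"
            print(f"{label}: {verdict} {vm_markers_in(vals)}")
```

Run on an analysis VM, any hit from `vm_markers_in` is a string the sandbox should patch in the guest registry (or in the virtual firmware) before detonating samples that perform this check; the constructed VirtualBox data is flagged on both the manufacturer and product-name values, the laptop data on none.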

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                            Count  ID
  Persistence       Modify Existing Service              1      T1031
  Persistence       Registry Run Keys / Startup Folder   2      T1060
  Defense Evasion   Modify Registry                      4      T1112
  Discovery         Query Registry                       3      T1012
  Discovery         System Information Discovery         4      T1082

  The IDs are ATT&CK v6 identifiers. In current ATT&CK, T1031 corresponds to T1543.003 (Create or Modify System Process: Windows Service) and T1060 to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); T1112, T1012 and T1082 keep their IDs.

Tasks