General

  • Target

    CFDI_Detalles.exe

  • Size

    636KB

  • Sample

    201001-6a258nrx9a

  • MD5

    bb3aaa72180128a32fc7912bc39c9c79

  • SHA1

    f5adecb1c24d9e331db5862b44c373fb1e1a0fb4

  • SHA256

    209d47069b962d8d232dd349c905c43ca1d787575315111409783085b54e2dd0

  • SHA512

    c0b5119eeb968526820a3544f4c766cb8a179c4f78c1efe3b260ded8a296036bd342d1e133fa317639c9d371867612c63b9b62fbbc6ef87194dcc154d2987992

Malware Config

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Modifies security service

    • UAC bypass

    • Disables taskbar notifications via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Modifies service

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks