General

  • Target

    Completed Finance Application and Required Documents.DOC.exe

  • Size

    299KB

  • Sample

    201013-cen5x84vte

  • MD5

    9e6a523473b8b248169a7c012df77e71

  • SHA1

    077d03bbe5c57015103583eb9a6dd3afbc8e45a9

  • SHA256

    aef47ea6290bbdfa6ca5994e556ba1d3a09200a525ab0aa11eb9fca8f324dfdf

  • SHA512

    3772fd8794801af0851c56bdbd3c6174aec3cd719e0a4bd2957bc38f4baaec80e8fee55e654856eed8c5962d8f4f66b01e380ae57bd8b801fabbe69a352610c6

Malware Config

Targets

    • Target

      Completed Finance Application and Required Documents.DOC.exe

    • Size

      299KB

    • MD5

      9e6a523473b8b248169a7c012df77e71

    • SHA1

      077d03bbe5c57015103583eb9a6dd3afbc8e45a9

    • SHA256

      aef47ea6290bbdfa6ca5994e556ba1d3a09200a525ab0aa11eb9fca8f324dfdf

    • SHA512

      3772fd8794801af0851c56bdbd3c6174aec3cd719e0a4bd2957bc38f4baaec80e8fee55e654856eed8c5962d8f4f66b01e380ae57bd8b801fabbe69a352610c6

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

2
T1060

Defense Evasion

Modify Registry

6
T1112

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Tasks