General

  • Target

    New Puchase Order From BudGroup Ltd .PDF.exe

  • Size

    368KB

  • Sample

    201020-crqr97ke7j

  • MD5

    e799bf5a0f3c24b196728122e60eb40d

  • SHA1

    8284d15cdc0a85a9dcbbefbfca71268d980e5011

  • SHA256

    db0c6ef1d64a1486fe241aa0c3bfdab01d0bac9da64da4ba974df3b57c91bb8f

  • SHA512

    5466db3b91385697b8439cf74dcef3d3a1c40226c591a78fd984cc02255968ad90acd46d441fd645a1d07afb0534e81ee55f74752fe39649d0a61c0d11fe0a59

Malware Config

Targets

    • Target

      New Puchase Order From BudGroup Ltd .PDF.exe

    • Size

      368KB

    • MD5

      e799bf5a0f3c24b196728122e60eb40d

    • SHA1

      8284d15cdc0a85a9dcbbefbfca71268d980e5011

    • SHA256

      db0c6ef1d64a1486fe241aa0c3bfdab01d0bac9da64da4ba974df3b57c91bb8f

    • SHA512

      5466db3b91385697b8439cf74dcef3d3a1c40226c591a78fd984cc02255968ad90acd46d441fd645a1d07afb0534e81ee55f74752fe39649d0a61c0d11fe0a59

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

2
T1060

Defense Evasion

Modify Registry

6
T1112

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Tasks