General

  • Target

    6A1B1BD71C348B1701B67555A2AC314D.exe

  • Size

    829KB

  • Sample

    210322-hw49dwq9ha

  • MD5

    6a1b1bd71c348b1701b67555a2ac314d

  • SHA1

    cb6241cc299e72b22035b3a2d15063e93622c409

  • SHA256

    4241044fce8bace299a5a348c736970be1c89ecaf3aa0f28533486c915b8e1c1

  • SHA512

    315cdc82eeb209c2b5f60b1c1b9b8827f9a8be81db633f832735347f5828d149d0559cd69be2891df333bd2b605dcc7c912d5772b0476b4e2250bcb92ed99022

Malware Config

Targets

    • Target

      6A1B1BD71C348B1701B67555A2AC314D.exe

    • Size

      829KB

    • MD5

      6a1b1bd71c348b1701b67555a2ac314d

    • SHA1

      cb6241cc299e72b22035b3a2d15063e93622c409

    • SHA256

      4241044fce8bace299a5a348c736970be1c89ecaf3aa0f28533486c915b8e1c1

    • SHA512

      315cdc82eeb209c2b5f60b1c1b9b8827f9a8be81db633f832735347f5828d149d0559cd69be2891df333bd2b605dcc7c912d5772b0476b4e2250bcb92ed99022

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

2
T1060

Defense Evasion

Modify Registry

6
T1112

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Tasks