General

  • Target

    5b29fd421e1874ba8b156dff9494e219c35714ea149865053a88a83108a45ed4

  • Size

    6MB

  • Sample

    210405-glwp9nay86

  • MD5

    0909225de438e0b387a0b184e6fcc852

  • SHA1

    1befc5ea0bd95ded2a66c13ceb80a440c69fa039

  • SHA256

    5b29fd421e1874ba8b156dff9494e219c35714ea149865053a88a83108a45ed4

  • SHA512

    b8bc019e408250d2a3dc8142c93bfc63f17f914ec5feda55b9079c81ef17023667462d140c40903db73abbe4be4e1d43cfa9659caf9da350f8bf85807571b0f3

Malware Config

Targets

    • Beapy

      Beapy is a Python worm with crypto-mining capabilities.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Modifies Windows Firewall

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

  • Command-Line Interface (T1059): 1

Persistence

  • Account Manipulation (T1098): 1

  • Modify Existing Service (T1031): 1

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Discovery

  • System Information Discovery (T1082): 2