General

  • Target

    3AD3E9FECA98BD1C94415F0319340C3C9416541F4592F.exe

  • Size

    316KB

  • Sample

    210806-1cteszcmzj

  • MD5

    b9091ef41de734fdbd7c7df7b2a5ea20

  • SHA1

    4d313c6379933dfcfc79cab04a7c83899862b0d7

  • SHA256

    3ad3e9feca98bd1c94415f0319340c3c9416541f4592f7373aeeab289a03c7ac

  • SHA512

    f3aa29e6d4f77d36d1d6a0da1d88e69e69af9bed81a63b85869b1d2582a3e5ff121b9ac8a8b33e2d3f329569fcc3c5370b23da3bdca5636db91c9b6a98813733

Malware Config

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks