General

  • Target

    CFDI  643898  39334.exe

  • Size

    499KB

  • Sample

    210810-k4h2k3cqkn

  • MD5

    69120890e2512fa35d4bcce24f94458e

  • SHA1

    fb5286025a0696365b7092eb08c8c071459d656b

  • SHA256

    73e8b8b48a312fb73bf31d822161a4dfda993449cc46a28bce67e11812f0b8da

  • SHA512

    142eb54e5ada6d3c67b79edc8170ce4606afa5906ce1aa32341f32c0c765e5404cea769ed712c7eb5f2e68f500340ebf39d0e21c02ca2599c2ccbacab154ea10

Malware Config

Targets

    • Target

      CFDI  643898  39334.exe

    • Size

      499KB

    • MD5

      69120890e2512fa35d4bcce24f94458e

    • SHA1

      fb5286025a0696365b7092eb08c8c071459d656b

    • SHA256

      73e8b8b48a312fb73bf31d822161a4dfda993449cc46a28bce67e11812f0b8da

    • SHA512

      142eb54e5ada6d3c67b79edc8170ce4606afa5906ce1aa32341f32c0c765e5404cea769ed712c7eb5f2e68f500340ebf39d0e21c02ca2599c2ccbacab154ea10

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks