General

  • Target

    C6BA807010AEC7A25AD106D9BCE0F3B70D9C3D2223E93.exe

  • Size

    335KB

  • Sample

    211001-z413jadcfq

  • MD5

    99cf40f54910d611105302fee1851b7d

  • SHA1

    29b9ee192ebf4b587dbfd0d908f6ae74a7b3817d

  • SHA256

    c6ba807010aec7a25ad106d9bce0f3b70d9c3d2223e93344cf5fad10ed1eedd3

  • SHA512

    037eea6d933f25e71a41d3fb63ca5e2e296e2300d1e5273e93fa40d5c0c76e5aa3334890c4e1ef4c8d9937384d539da94a77ba4ba638eb079d3f559c05f4bd12

Malware Config

Targets

    • Target

      C6BA807010AEC7A25AD106D9BCE0F3B70D9C3D2223E93.exe

    • Size

      335KB

    • MD5

      99cf40f54910d611105302fee1851b7d

    • SHA1

      29b9ee192ebf4b587dbfd0d908f6ae74a7b3817d

    • SHA256

      c6ba807010aec7a25ad106d9bce0f3b70d9c3d2223e93344cf5fad10ed1eedd3

    • SHA512

      037eea6d933f25e71a41d3fb63ca5e2e296e2300d1e5273e93fa40d5c0c76e5aa3334890c4e1ef4c8d9937384d539da94a77ba4ba638eb079d3f559c05f4bd12

    • BetaBot

      Beta Bot (also detected as Win32/Neurevt) is a Trojan that infects Windows computers and disables antivirus software.

    • Modifies firewall policy service

    • suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4

    • Sets file execution options in registry

      Image File Execution Options (IFEO) entries are written under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. A Debugger value placed under a security product's executable name redirects every launch of that executable to the named "debugger", which is a common way of silently preventing antivirus from starting.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

      The EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System is read to decide whether an elevation prompt must be bypassed before making machine-wide changes.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class detaches the thread from an attached debugger, an anti-analysis technique.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's registers and is typically used to redirect execution into injected code (process hollowing or thread hijacking).
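The three registry-write behaviours in the list above (IFEO debugger hijack, Run key persistence, firewall policy changes) all surface as registry value-set events on an endpoint. The following detection logic is an added example, not part of the sandbox report: it classifies Sysmon Event ID 13 style records (TargetObject, Details, Image) against those behaviours. The event records, file paths, SID, and the IFEO target name `antivirus.exe` are constructed for illustration. Registry reads (the BIOS and UAC checks) do not produce value-set events and are out of scope here.

```python
"""Classify registry value-set events against the Betabot behaviours listed above.

Added example. Input records mimic Sysmon Event ID 13 (RegistryEvent, value set);
all sample data below is constructed and does not come from the sandbox run.
"""
import re
from dataclasses import dataclass

# Registry paths are case-insensitive and malware varies the case, so every
# rule runs against a lower-cased path with the hive name shortened (HKLM/HKCU).
HIVE_ALIASES = {
    "hkey_local_machine": "hklm",
    "hkey_current_user": "hkcu",
    "hkey_users": "hku",
}

# Each rule: (behaviour label as used in the report, regex on the normalised path).
RULES = [
    # IFEO: a Debugger value under <exe>\ means every launch of <exe> is redirected.
    ("Sets file execution options in registry",
     re.compile(r"^hklm\\software\\(wow6432node\\)?microsoft\\windows nt\\currentversion"
                r"\\image file execution options\\[^\\]+\\debugger$")),
    # Run/RunOnce under HKLM, HKCU, or a user hive addressed as HKU\<SID> (Sysmon's form).
    ("Adds Run key to start application",
     re.compile(r"^(hklm|hkcu|hku\\[^\\]+)\\software\\(wow6432node\\)?microsoft\\windows"
                r"\\currentversion\\run(once)?\\[^\\]+$")),
    # Any write beneath the SharedAccess FirewallPolicy tree (profile toggles, allow lists).
    ("Modifies firewall policy service",
     re.compile(r"^hklm\\system\\(currentcontrolset|controlset\d+)\\services\\sharedaccess"
                r"\\parameters\\firewallpolicy\\")),
]


def normalise_path(target_object: str) -> str:
    """Lower-case the path and map long hive names to their short aliases."""
    path = target_object.strip().lower()
    hive, sep, rest = path.partition("\\")
    return HIVE_ALIASES.get(hive, hive) + sep + rest


@dataclass(frozen=True)
class Finding:
    behaviour: str
    image: str
    target: str
    details: str


def classify(events):
    """Return one Finding per event that matches a rule (first matching rule wins)."""
    findings = []
    for ev in events:
        norm = normalise_path(ev["TargetObject"])
        for label, pattern in RULES:
            if pattern.search(norm):
                findings.append(Finding(label, ev["Image"], ev["TargetObject"], ev["Details"]))
                break
    return findings


# Constructed sample events (hypothetical dropper path, SID and AV executable name).
DROPPER = r"C:\Users\user\AppData\Roaming\dropped.exe"
SAMPLE_EVENTS = [
    {"Image": DROPPER,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
                     r"\Image File Execution Options\antivirus.exe\Debugger",
     "Details": r"C:\Windows\System32\svchost.exe"},
    {"Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate",
     "Details": DROPPER},
    {"Image": DROPPER,  # long hive name on purpose, to exercise normalisation
     "TargetObject": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                     r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\" + DROPPER,
     "Details": DROPPER + ":*:Enabled:dropped"},
    {"Image": r"C:\Windows\explorer.exe",  # benign noise, must not match
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx",
     "Details": "Binary Data"},
]

if __name__ == "__main__":
    for f in classify(SAMPLE_EVENTS):
        print(f"[{f.behaviour}] {f.image} -> {f.target} = {f.details}")
```

The first rule is deliberately narrow (only the `Debugger` value) because IFEO keys also carry legitimate settings; the firewall rule is deliberately broad because any write under FirewallPolicy by a process outside `C:\Windows` is worth a look. In production, pair each match with the `Image` path so that Windows' own firewall service and installers can be allow-listed.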

MITRE ATT&CK Enterprise v6

Tasks