General

  • Target

    a0ee0ba482c1c58c26dc6878021270a3.exe

  • Size

    197KB

  • Sample

    211119-f8axcscce9

  • MD5

    a0ee0ba482c1c58c26dc6878021270a3

  • SHA1

    987df0b82062dfd87898b4b5c692f89b5616cfae

  • SHA256

    d27d12d8fda192edae4388568319bd014d8e5894f50ef145dfac691bab9cbf52

  • SHA512

    a644b82cf0109f7f30b06c6450a7f7817bad5af9db816af56f1e353ca9df17f191524b93c88bffb17ce93e81289e37a5566cfd910878e894879308526365c08a

Targets

    • Target

      a0ee0ba482c1c58c26dc6878021270a3.exe

    • BetaBot

      Beta Bot (also tracked as Neurevt) is a Windows trojan whose hallmark behaviour is disabling antivirus and other security software on the infected host; the signatures below reflect that.

    • Modifies firewall policy service

    • Modifies security service

    • UAC bypass

    • Disables taskbar notifications via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS strings (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) are often read to detect virtual machines and sandboxes, since hypervisors such as VMware and VirtualBox leave vendor-identifying values there.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from the calling thread being delivered to an attached debugger, so breakpoints and exceptions in that thread go unreported. This is a common anti-analysis technique.

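The registry-based signatures above (Run key, Image File Execution Options, System Restore, firewall policy, taskbar notifications, service ImagePath) can be checked offline against a registry export taken after detonation. The script below is an added example written for this page; it is not code from the sandbox report or from the Betabot sample. It parses a REGEDIT5-format .reg export and maps written values back to the signature names used in the report. The export it parses is constructed for illustration, and the names in it (wupd.exe, wupdsvc, the WindowsUpdate value) are invented.

```python
"""Flag registry modifications matching the report's signature list.

Added example for this page, not code from the sandbox report or the
sample. Parses a REGEDIT5 .reg export and maps values to signatures.
"""
import re
from typing import Dict, List, Tuple

# Constructed export: file names, service name and value names are invented.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsUpdate"="C:\\ProgramData\\wupd\\wupd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\ProgramData\\wupd\\wupd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"TaskbarNoNotification"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wupdsvc]
"ImagePath"="C:\\ProgramData\\wupd\\wupd.exe"
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s: str) -> str:
    # .reg files escape backslashes and double quotes inside strings.
    return s.replace('\\\\', '\\').replace('\\"', '"')


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Return {key_path: {value_name: value}}; strings are unescaped,
    dwords become ints, other types (hex:, multi-line) are kept raw."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('Windows Registry Editor'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
            raw = m.group(2)
            if raw.startswith('"') and raw.endswith('"'):
                value: object = _unescape(raw[1:-1])
            elif raw.lower().startswith('dword:'):
                value = int(raw[6:], 16)
            else:
                value = raw
            keys[current][name] = value
    return keys


Finding = Tuple[str, str, str, object]  # (signature, key, value name, value)


def flag_modifications(keys: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Map written values to the signature names used in the report."""
    out: List[Finding] = []
    for key, values in keys.items():
        k = key.lower()  # registry paths are case-insensitive
        for name, value in values.items():
            n = name.lower()
            if k.endswith(r'\currentversion\run') or k.endswith(r'\currentversion\runonce'):
                out.append(('Adds Run key to start application', key, name, value))
            elif '\\image file execution options\\' in k and n == 'debugger':
                out.append(('Sets file execution options in registry', key, name, value))
            elif k.endswith(r'\windows nt\systemrestore') and n in ('disablesr', 'disableconfig') and value == 1:
                out.append(('Disables use of System Restore points', key, name, value))
            elif '\\firewallpolicy\\' in k and n == 'enablefirewall' and value == 0:
                out.append(('Modifies firewall policy service', key, name, value))
            elif k.endswith(r'\policies\explorer') and n == 'taskbarnonotification' and value == 1:
                out.append(('Disables taskbar notifications via registry modification', key, name, value))
            elif '\\currentcontrolset\\services\\' in k and n == 'imagepath':
                # Every service has an ImagePath: on a real export, diff against a
                # pre-detonation snapshot so only new or changed entries remain.
                out.append(('Sets service image path in registry', key, name, value))
    return out


if __name__ == '__main__':
    for sig, key, name, value in flag_modifications(parse_reg(SAMPLE_REG)):
        print(f'{sig}: [{key}] {name} = {value!r}')
```

Run it against an export produced with `reg export` of the SOFTWARE and SYSTEM hives from the detonation VM. The matching is deliberately keyed on the value name and the tail of the key path rather than on the full path, so HKCU and HKLM variants and Wow6432Node redirections are all caught; the ImagePath rule in particular needs a baseline diff to be useful outside a sandbox.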