General

  • Target: test.zip

  • Size: 1.5MB

  • Sample: 211124-aqq8qsege9

  • MD5: 8315b7b9e41ebc66657701b0b7f4fe02

  • SHA1: 50205f75078b36f4d38dd7425eb22daebde18ea4

  • SHA256: a00a34aa07b3ddf3ecae91fef78943998c624c9ff2c213179135e183dfdd6640

  • SHA512: 1a03ef3ba0b5cf9989c4311077e9a1f830a60284c0b4adcb540a412d69f951b96f9b5864937b56195325999ce88fa1c72b261130c5ebd1ec3d7a1493069d8d65

Malware Config

Targets

    • Target: test.exe

    • Size: 3.5MB

    • MD5: be40d4806fdb4bbf01a1e58db9be72f9

    • SHA1: cdc85537cc728a393608f32e0b078bfb00e46ccc

    • SHA256: 08ad8bfa45d107b5ddd904f002abb2cd9402bca5564025b3cf4fb309c1371046

    • SHA512: c459b7bb0d8fd77bdde8d264661e515e05fef46094487c647680b2f7fb670258d2364c5886ca1184cb60a1b4c0d32be68c3994326aedd82505228063a471e1e8

    • BetaBot

      BetaBot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks