General

  • Target

    JW388194 37737.exe

  • Size

    3.5MB

  • Sample

    211125-jqmd8ahhb8

  • MD5

    cd82162e5056137359914b11af3981c8

  • SHA1

    9c0cd582026b160ed6e370cdb4095aab44fd284b

  • SHA256

    bb59999f614b16236e8d36f8a8d1174f8bb917a88d7d93e3eef60457e917f1a6

  • SHA512

    f1db370f8f561c530bfa18e79afa180b853ed014196ed520b2ffeb3ee9f89692850b93396bcfa23c1b36d7c29825cb85dd53cdc14bd412f4f4a45ce46c7023aa

Malware Config

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks