General

  • Target

    6440493474021376.zip

  • Size

    1.5MB

  • Sample

    211129-skqzwsccgj

  • MD5

    6087047d0059a88807de4e60975fe99e

  • SHA1

    e91b2146398282892e3205aedfb7f483060ceb2c

  • SHA256

    c52b3f4c8e9f501f5ee51626bb967c450de0d4bd07ab1df6d7cc6ecbddd3a4d7

  • SHA512

    54f39d005acdefcf18e74bce9dbab902b21fc45f9a946afc12be2633451f8fa464cea8ff40d2b08ce010e779d565a1d30cd019f330c845b7e046d1687bf818a2

Malware Config

Targets

    • Target

      JW388194_13774.exe

    • Size

      3.5MB

    • MD5

      cd82162e5056137359914b11af3981c8

    • SHA1

      9c0cd582026b160ed6e370cdb4095aab44fd284b

    • SHA256

      bb59999f614b16236e8d36f8a8d1174f8bb917a88d7d93e3eef60457e917f1a6

    • SHA512

      f1db370f8f561c530bfa18e79afa180b853ed014196ed520b2ffeb3ee9f89692850b93396bcfa23c1b36d7c29825cb85dd53cdc14bd412f4f4a45ce46c7023aa

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks