General

  • Target

    9401a08c1293a7bf361dcef2ee9dbfb310e130474ae1e25af6c3868c6ab7acf3

  • Size

    487KB

  • Sample

    220124-erk6bsbfe4

  • MD5

    480833127970ec8e4bea980aee392bb6

  • SHA1

    d2992808d4a7b812a45b01c4d7e814744caf4bfd

  • SHA256

    9401a08c1293a7bf361dcef2ee9dbfb310e130474ae1e25af6c3868c6ab7acf3

  • SHA512

    735b073184469128222016f9a978f376d1f74384e81bd26dd4a39e4762465dc32ef1484095bb88085364aa14c68605a9e872d9ff972c652631281fc737dd47cc

Malware Config

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
