General

  • Target

    3943281b88b1c4d3afabc6f0db027b3933a0b3dcf22c13bd37103fa33d851d13

  • Size

    461KB

  • Sample

    220124-f3zzascfd6

  • MD5

    ffc3fd7dd91f9a8033b0de2db261241a

  • SHA1

    2723f90f3edba93dae72c1be8f4fb22a945e52e7

  • SHA256

    3943281b88b1c4d3afabc6f0db027b3933a0b3dcf22c13bd37103fa33d851d13

  • SHA512

    ba20323aa4dbc5f08b9fe36e452bed96ff2b34ba092037c570cadf6f10fe43c25f54e15990fa4e0cd6cabe528fee025afc4d94f1940cebc5f4c2902b3c5c21a2

Targets

    • Target

      NEW ORDER AND SPECIFICATION.exe

    • Size

      487KB

    • MD5

      1704410a710dbcf99cbff188d796c3a1

    • SHA1

      beaf7a7c3296dc9920d13c70f98f27104d1b5fa2

    • SHA256

      68c40a2d26a20a9599e62882b776e4e7c67bbab8dff52c0102cfda21df1c08c3

    • SHA512

      7681a0ba0d5e8bc51911ab871373706dc6b3ed84484cce506fce995e79551f06d25859ae1089a67cd51ee748b347cea22cd6878e52c3796b52a68f15991e5a93

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
