General

  • Target

    0fca673bb346dcda20aa59e1de49dee4e3aace600d97c1f66bf4f20f74213451

  • Size

    487KB

  • Sample

    220124-gq4x6adbf7

  • MD5

    87dc59b71474d2018f267953eec4e304

  • SHA1

    144f9c66a1f86b5f8d025df187a3ce9d4cb7bd75

  • SHA256

    0fca673bb346dcda20aa59e1de49dee4e3aace600d97c1f66bf4f20f74213451

  • SHA512

    191a7c23e3d634e3c14d747db21d8aba3179a015f61e2d3ecc2cce3386e952f05c5284d26033fc3d98a5fe3f0555be1da533abbddab37131a3f9ea0c007b4281

Malware Config

Targets

    • Target

      0fca673bb346dcda20aa59e1de49dee4e3aace600d97c1f66bf4f20f74213451

    • Size

      487KB

    • MD5

      87dc59b71474d2018f267953eec4e304

    • SHA1

      144f9c66a1f86b5f8d025df187a3ce9d4cb7bd75

    • SHA256

      0fca673bb346dcda20aa59e1de49dee4e3aace600d97c1f66bf4f20f74213451

    • SHA512

      191a7c23e3d634e3c14d747db21d8aba3179a015f61e2d3ecc2cce3386e952f05c5284d26033fc3d98a5fe3f0555be1da533abbddab37131a3f9ea0c007b4281

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks