General

  • Target

    5d3d44cad3c2b99b0c08aa0ee2ecdeb3c514090498a4a4c8f2cf7946143ff853

  • Size

    263KB

  • Sample

    220520-qwh3baebf7

  • MD5

    e8363706522342acd3b8016e5c1d42d1

  • SHA1

    9f99b309b92eb8ba5f0d2e8c8de8a1c332dbf75c

  • SHA256

    5d3d44cad3c2b99b0c08aa0ee2ecdeb3c514090498a4a4c8f2cf7946143ff853

  • SHA512

    06eeecea783f3d631ed5be21900486d1f3bf44ef714c1e87fecbf7c70de309c044cadb946be3db842c8d1c467ae077d0355c5222a4f3dedc8c469f16524fbcb5

Malware Config

Targets

    • Target

      dm_2020-07-24_08-34.exe

    • Size

      316KB

    • MD5

      ca2435bf28a9f678e7f2136cfc52cfcb

    • SHA1

      042c3f1f2675d30f3394243db9a1aaeba7e1e87e

    • SHA256

      4432dedd4db9c2f1f554cb9fc4317196051ca8dc405231e2bd1bc9845702a872

    • SHA512

      786cc02a5453da625e8e4a04aab626993e103f113881f9931b5d6d66ab498a162d9847fed7ff54e116d4c33238d5538878f0489ba82dc554c9cde56e7cd1fd43

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

2
T1060

Defense Evasion

Modify Registry

6
T1112

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Tasks