General

  • Target

    37c8144ca9ef05eb9eac8d37ccc43adbae901c37d033e45c6da9349e1a877a5a

  • Size

    729KB

  • Sample

    220625-13fwmsgaf7

  • MD5

    8be1051c3d64ef7df5db513117683342

  • SHA1

    18fbfbd9eb1b0c94c511f93af404eeb2ccfccfc0

  • SHA256

    37c8144ca9ef05eb9eac8d37ccc43adbae901c37d033e45c6da9349e1a877a5a

  • SHA512

    b7a8d5fbb7b8bf7e453c47ac78f142c55d22e31d6f5f2300f28fecb8617913635efec374c9336480e16271958d0ce6a80b8d4c78b40340c991ff873691edd907

Targets

    • Target

      37c8144ca9ef05eb9eac8d37ccc43adbae901c37d033e45c6da9349e1a877a5a

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
