General

  • Target

    37dfdb6cd11066f64f8374d89413715ce82a4cc758493935b89ca342e8781878

  • Size

    398KB

  • Sample

    220625-1rffqsfef2

  • MD5

    7f1958bb2a7870c338f0369e2723a396

  • SHA1

    b734bf98a484cde4a4ba005621766ee3ea0da6b1

  • SHA256

    37dfdb6cd11066f64f8374d89413715ce82a4cc758493935b89ca342e8781878

  • SHA512

    106a1bd8f1db86ffef5d96e76982a3900cf454c8da63f0fe60f5f510109659dc64b97e0dade1117c966dfc7ec42591589fe77a9c621ead731d8faa0828710bc8

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
