General

  • Target

    3824d605887ae934ad84db31b698f9d03dbd0d7f8848dc06a523dda7eeb0d3a4

  • Size

    540KB

  • Sample

    220625-ztbpwsbheq

  • MD5

    7f1b90b097ecb399029e671b4535e8d6

  • SHA1

    121607d5bc9060a1393faff0393cf920e53b03b3

  • SHA256

    3824d605887ae934ad84db31b698f9d03dbd0d7f8848dc06a523dda7eeb0d3a4

  • SHA512

    f193effb43d208b691eb2bab1d2ef2f091b4b51b120992ae32e9133e5ccd887b02c952fda690c3c3de7d5f56bd485523f048caba5d2e647d167fda030662452a

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
