General

  • Target

    3f1d2e8d5d89e82cf02d96ac0bb2a219a12eac2f3aa6b1ada0ec072c8222dec8

  • Size

    290KB

  • Sample

    220701-c52n5agfap

  • MD5

    c6111156b395f3e7da625a7022e65510

  • SHA1

    bbafe2de1510525ca60232df6f0b470d5ca57fa9

  • SHA256

    3f1d2e8d5d89e82cf02d96ac0bb2a219a12eac2f3aa6b1ada0ec072c8222dec8

  • SHA512

    2fba768d40f1f67194b794a60e249cc4b335048d37b5e66ac8ab0e0e9773cbc417cf14367716b51fa0c98e75b2b39fc4cab2d44b1fe70c735de8be22adba6dd2

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
