General

  • Target

    053e024947a8103550e2250b51a61f65eb0a7f9a99c9c1783d5fd86ecde1d786

  • Size

    613KB

  • Sample

    220713-hdgsjaead9

  • MD5

    25809fc57cbbfdbc64b4c5d4e17d1d06

  • SHA1

    0415083490d597fc23ddc7c6e5163ad51ee60213

  • SHA256

    053e024947a8103550e2250b51a61f65eb0a7f9a99c9c1783d5fd86ecde1d786

  • SHA512

    a078e118303ff225c7526a844e8b0984362e7f764a473fd3599781c432280f5ef6b00eaf6c8ed2dd08bde115e66f675795a0f6769a51fbfe1a0a5e14e3f4509a

Targets

    • BetaBot

      Beta Bot (also tracked as Neurevt) is a Windows Trojan that infects the host and disables installed antivirus software.

    • Modifies firewall policy service

    • Modifies security service

    • UAC bypass

    • suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4

      suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4

    • CryptOne packer

      Detects the CryptOne packer, as defined in the NCC Group blog post.

    • Disables taskbar notifications via registry modification

    • Disables use of System Restore points

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets file execution options in registry

    • Sets service image path in registry

    • Checks BIOS information in registry

      BIOS vendor and version strings from the registry are commonly read to fingerprint virtual machines and sandboxes.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger
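
The registry-side signatures in the list above (Run key, image file execution options, System Restore, firewall policy, security service, service ImagePath, taskbar notifications, UAC, BIOS and AV-vendor lookups) can be reproduced from a raw registry trace. The Python below is an added example, not the sandbox's own signature engine or anything taken from the report: it parses a constructed pipe-delimited trace (pid|operation|key|value_name|data, a format invented for this example) and maps each line onto the report's signature names. The key paths, value names and data thresholds each rule keys on (EnableFirewall=0, DisableSR=1, Start=4 and so on) are the standard Windows locations and are this example's assumptions about what each signature means; the AV vendor key list is illustrative only.

```python
"""Replay a registry trace against the registry-side behaviour signatures
a sandbox report lists for a BetaBot/Neurevt sample.

Added example, not the sandbox vendor's signature engine. The trace format
(pid|operation|key|value_name|data) and the sample lines are constructed;
the key paths, value names and data thresholds are this example's
assumptions about what the report's signature names key on.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class RegEvent:
    pid: int
    op: str     # "SetValue" (write) or "QueryValue" (read)
    key: str    # full path, HKLM\... or HKCU\...
    value: str  # value name, may be empty
    data: str   # value data as text, may be empty


def parse_line(line: str) -> Optional[RegEvent]:
    """Parse one 'pid|op|key|value|data' line; None for malformed input."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5 or not parts[0].isdigit():
        return None
    pid, op, key, value, data = parts
    return RegEvent(int(pid), op, key, value, data)


def _any(_: str) -> bool:
    return True


def _equals(*wanted: str) -> Callable[[str], bool]:
    return lambda d: d.strip().lower() in wanted


WRITE, READ = frozenset({"SetValue"}), frozenset({"QueryValue"})

# (signature name, operations, key regex, value-name regex, data predicate).
# Registry paths are case-insensitive, so every regex is compiled with re.I.
RULES: list[tuple[str, frozenset, str, str, Callable[[str], bool]]] = [
    ("Adds Run key to start application", WRITE,
     r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", r".+", _any),
    ("Sets file execution options in registry", WRITE,
     r"\\Image File Execution Options\\[^\\]+$", r"^Debugger$", _any),
    ("Disables use of System Restore points", WRITE,
     r"\\Policies\\Microsoft\\Windows NT\\SystemRestore$",
     r"^(DisableSR|DisableConfig)$", _equals("1", "0x1")),
    ("Modifies firewall policy service", WRITE,
     r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\\w+Profile$",
     r"^EnableFirewall$", _equals("0", "0x0")),
    # Start=4 (SERVICE_DISABLED) on Security Center / Defender / firewall services.
    ("Modifies security service", WRITE,
     r"\\Services\\(wscsvc|WinDefend|MpsSvc)$", r"^Start$", _equals("4", "0x4")),
    ("Sets service image path in registry", WRITE,
     r"\\Services\\[^\\]+$", r"^ImagePath$", _any),
    ("Disables taskbar notifications via registry modification", WRITE,
     r"\\Policies\\Explorer$", r"^(TaskbarNoNotification|HideSCAHealth)$", _equals("1", "0x1")),
    ("Checks whether UAC is enabled", READ,
     r"\\Policies\\System$", r"^EnableLUA$", _any),
    ("Checks BIOS information in registry", READ,
     r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$",
     r"^(SystemBiosVersion|VideoBiosVersion|BIOSVendor|SystemManufacturer)$", _any),
    # Illustrative vendor keys only; a real rule set carries a much longer list.
    ("Checks for any installed AV software in registry", READ,
     r"\\SOFTWARE\\(Avast Software|KasperskyLab|ESET|Avira|Symantec|McAfee)", r".*", _any),
]
_COMPILED = [(n, ops, re.compile(k, re.I), re.compile(v, re.I), p) for n, ops, k, v, p in RULES]


def classify(events) -> dict[str, list[RegEvent]]:
    """Return {signature name: [events that fired it]}."""
    hits: dict[str, list[RegEvent]] = defaultdict(list)
    for ev in events:
        for name, ops, key_re, val_re, pred in _COMPILED:
            if ev.op in ops and key_re.search(ev.key) and val_re.search(ev.value) and pred(ev.data):
                hits[name].append(ev)
    return dict(hits)


def triage(trace: str) -> list[str]:
    """Signature names fired by a whole trace, sorted for stable output."""
    events = [e for e in map(parse_line, trace.splitlines()) if e is not None]
    return sorted(classify(events))


# Constructed trace: one process performing the report's registry actions,
# plus an unrelated Office write that must not fire anything.
SAMPLE_TRACE = "\n".join([
    r"1840|QueryValue|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion|",
    r"1840|QueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA|1",
    r"1840|QueryValue|HKLM\SOFTWARE\KasperskyLab|ProductCode|",
    r"1840|SetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|svchost|C:\ProgramData\svc\host.exe",
    r"1840|SetValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avproduct.exe|Debugger|svchost.exe",
    r"1840|SetValue|HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableSR|1",
    r"1840|SetValue|HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile|EnableFirewall|0",
    r"1840|SetValue|HKLM\SYSTEM\CurrentControlSet\Services\wscsvc|Start|4",
    r"1840|SetValue|HKLM\SYSTEM\CurrentControlSet\Services\wscsvc|ImagePath|C:\ProgramData\svc\host.exe",
    r"1840|SetValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|TaskbarNoNotification|1",
    r"2210|SetValue|HKCU\Software\Microsoft\Office\16.0\Word|LastPosition|42",
])

if __name__ == "__main__":
    events = [e for e in map(parse_line, SAMPLE_TRACE.splitlines()) if e is not None]
    for name, evs in sorted(classify(events).items()):
        print(f"{name}: {len(evs)} event(s), pid(s) {sorted({e.pid for e in evs})}")
```

Run against the constructed trace, the script fires exactly the ten registry-related signature names from the report and nothing for the Office write; the same rule table can be pointed at a real sandbox or Sysmon-derived trace once the lines are normalised to the five-field form. Read-type signatures (UAC, BIOS, AV lookups) need a tracer that records queries, since Sysmon only logs key creation and value writes.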
