General

  • Target

    5ba70f3254c52fc2b0dbc6520c443d3b4bd0bc593c2aebe1d3f3402ebc9194f0

  • Size

    552KB

  • Sample

    220720-sjjjesgfa7

  • MD5

    ff3ead9b3608969b11b467c9a2cc8edd

  • SHA1

    4c720661536dae0696d1158a9c732d5e0c7369e4

  • SHA256

    5ba70f3254c52fc2b0dbc6520c443d3b4bd0bc593c2aebe1d3f3402ebc9194f0

  • SHA512

    58fd80ee0efc7eaf2ec96646ceffc0a8046d7b9908aaa273ac1b06ad239f5b4e91556b692601b073a3b35e68a42be1e720884ac0e8b8998610d4c070203cd311

Malware Config

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 2

Defense Evasion

  • Modify Registry (T1112): 6

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 4

Tasks