General

  • Target

    b56ebc93a9ac3ccea88ae22132aff8679ffe212ead91708cedc45cf9e86f4dfd

  • Size

    395KB

  • Sample

    220720-sjkfqagfa8

  • MD5

    f7de98eeffb74164d144d69deaa3b589

  • SHA1

    324cf59344fa323915045960792d45afae42741b

  • SHA256

    b56ebc93a9ac3ccea88ae22132aff8679ffe212ead91708cedc45cf9e86f4dfd

  • SHA512

    798d91557bf2ae38436ffefcf979f98f792a88eb889feedca1c8ec5b2fdd5d683687e94e165fe50b230f697c933c34f758c0c5e6a7913ce0a793e9f15d8001d0

Malware Config

Targets

    • Target

      Propuesta-estrategia.exe

    • Size

      552KB

    • MD5

      ff3ead9b3608969b11b467c9a2cc8edd

    • SHA1

      4c720661536dae0696d1158a9c732d5e0c7369e4

    • SHA256

      5ba70f3254c52fc2b0dbc6520c443d3b4bd0bc593c2aebe1d3f3402ebc9194f0

    • SHA512

      58fd80ee0efc7eaf2ec96646ceffc0a8046d7b9908aaa273ac1b06ad239f5b4e91556b692601b073a3b35e68a42be1e720884ac0e8b8998610d4c070203cd311

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service    1    T1031

  • Registry Run Keys / Startup Folder    2    T1060

Defense Evasion

  • Modify Registry    6    T1112

Discovery

  • Query Registry    3    T1012

  • System Information Discovery    4    T1082

Tasks