General

  • Target

    2db91acf6453d9cd831395586466d7448945f1a8eb440000b725831ef4a24de1

  • Size

    676KB

  • Sample

    220724-2kt6zsbdbn

  • MD5

    d0bfa920f7237fd0a80c376e35e69987

  • SHA1

    7a49bb30661eb90ad281f0248f7db26ddb4061b8

  • SHA256

    2db91acf6453d9cd831395586466d7448945f1a8eb440000b725831ef4a24de1

  • SHA512

    12d5803715f1f20d42902ef7720f91e716bae51fb6d3adee78706d62ea7a306d8538119dcffa5db23b31ad531763a533f04f437dc4742cffa60e2b3d29c2f1b0

Malware Config

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks