General

  • Target

    58cf1910c8a9e15012de480c3e9c1337e7987a74d667c9298ff885b36d7298ca

  • Size

    654KB

  • Sample

    220724-g7715safc7

  • MD5

    6874035592127651153f1eabf0e7b8ba

  • SHA1

    788f645770e006426b606ab9136d1f899e2f51ea

  • SHA256

    58cf1910c8a9e15012de480c3e9c1337e7987a74d667c9298ff885b36d7298ca

  • SHA512

    d726ca148977b63d11dbbff3340dfea47cd2e501f4374d46162d8f604d5536289341c825572613348ef7f0210fd42d814f66105d58d105d4d729ad8c058944c0

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service, T1031 (1)

  • Registry Run Keys / Startup Folder, T1060 (2)

Defense Evasion

  • Modify Registry, T1112 (6)

Discovery

  • Query Registry, T1012 (3)

  • System Information Discovery, T1082 (4)
