General

  • Target

    5a99bc6aa70681c21c6eb298a479f3d72ff16b033129d750cf8249ee24ed9531

  • Size

    551KB

  • Sample

    220802-dgpkbsgad5

  • MD5

    3454232330370e6c035524983677ac69

  • SHA1

    45c6624631a989e37f91816021c97d80b3060de5

  • SHA256

    5a99bc6aa70681c21c6eb298a479f3d72ff16b033129d750cf8249ee24ed9531

  • SHA512

    287d84bf8b3476a7d426f180ed601533524d8f0f441237db16fc0421c8d51a6e0d2cf63708328eac82e10797a78a376868ce8582239d1d740671bc1be67055be

Targets

    • Target

      5a99bc6aa70681c21c6eb298a479f3d72ff16b033129d750cf8249ee24ed9531

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
