General

  • Target: 24316B3AE1C1BAFEE76CA8BB33807D37130A58BC6AA19.exe

  • Size: 2.6MB

  • Sample: 220807-red8gabghq

  • MD5: 02e35d591e53085dc1eea9f64b718691

  • SHA1: 6b579e43003cf746e9412774edeb3cb49ad9c9e1

  • SHA256: 24316b3ae1c1bafee76ca8bb33807d37130a58bc6aa19042f06c304af59af615

  • SHA512: 2894cd4ea998fa3fa2908b51765f6bde66248ef28b841705ec1fd0f81fdde9144e77b49511b0a544446f8fef8bb37712f4953039551e854a6750821efc0702b0

Malware Config

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks