General

  • Target

    83d6f75a49f99eef7c428029e740cdb13c6010539600c2b49a84fde76b96c483

  • Size

    285KB

  • Sample

    221001-2ghnsaacc7

  • MD5

    63edfb90569441d924e4cedd7f259a10

  • SHA1

    07d67056cb86ef7ae89c713286ea7c1ec7a60f37

  • SHA256

    83d6f75a49f99eef7c428029e740cdb13c6010539600c2b49a84fde76b96c483

  • SHA512

    94f7001ee77cfd25cd248ff785c6087487e38ce0ad7ceb9a846fb25b14fe3399378baf1d796e5922542ffa1ca3710f456cbbfd7b34fcd3272c2cfac5477b1bf6

Malware Config

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation