General

  • Target

    cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451

  • Size

    270KB

  • Sample

    221001-xms99acdfq

  • MD5

    72a5fd774abbbcbdc38527826122b580

  • SHA1

    08da270a2c68a7b113aaaee8b2cbffb7665163c9

  • SHA256

    cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451

  • SHA512

    51abac0551b7e97c9691b0a2f821d22a258022c25dcc7c1c7bd6e873e658ea3bf7affdae06d8b6929e2473600c55abbc7a1b1decdd17b76e376b9c54eca6218f

Targets

    • Target

      cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451


    • BetaBot

      Beta Bot is a Trojan that infects Windows computers and disables installed antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
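The registry-related signatures above (Run key persistence, Image File Execution Options, BIOS queries, firewall policy changes, the UAC check) can be reproduced as a small host-side triage rule set. The following Python block is an added example, not part of the sandbox report and not the sandbox's own signature logic: it runs the rules over constructed registry events (shaped like an API trace or Sysmon registry events) and maps each hit back to the signature name used in the report. The registry paths in each rule are the commonly abused locations for that behaviour and are assumptions, not taken from the report.

```python
"""Map registry activity to the behaviour signatures listed in the report.

Added example: the RegEvent records and the key paths in RULES are
constructed/assumed for illustration, not extracted from the sample.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    pid: int
    op: str        # "set", "create" or "query"
    path: str      # registry key path
    value: str = ""  # value name, if any


# signature name (as worded in the report) -> (operations, regex over key\value)
# Paths are the usual locations for each behaviour (assumed, not from the report).
RULES = {
    "Adds Run key to start application": (
        {"set"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)),
    "Sets file execution options in registry": (
        {"set", "create"},
        re.compile(r"\\Image File Execution Options\\", re.I)),
    "Checks BIOS information in registry": (
        {"query"},
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I)),
    "Modifies firewall policy service": (
        {"set"},
        re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)),
    "Checks whether UAC is enabled": (
        {"query"},
        re.compile(r"\\Policies\\System\\EnableLUA$", re.I)),
}


def match_events(events):
    """Return {signature name: [events that triggered it]}."""
    hits = {}
    for e in events:
        # Match against key path plus value name so value-level rules work.
        target = f"{e.path}\\{e.value}" if e.value else e.path
        for name, (ops, pattern) in RULES.items():
            if e.op in ops and pattern.search(target):
                hits.setdefault(name, []).append(e)
    return hits


def triage(events):
    """Return {pid: sorted signature names} for every process with a hit."""
    per_pid = {}
    for name, evs in match_events(events).items():
        for e in evs:
            per_pid.setdefault(e.pid, set()).add(name)
    return {pid: sorted(names) for pid, names in per_pid.items()}


# Constructed events: pid 1337 mimics the report's behaviours, pid 2048 is benign.
SAMPLE_EVENTS = [
    RegEvent(1337, "query", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    RegEvent(1337, "query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA"),
    RegEvent(1337, "set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "svchost"),
    RegEvent(1337, "set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe", "Debugger"),
    RegEvent(1337, "set", r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile", "EnableFirewall"),
    RegEvent(2048, "query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion", "ProgramFilesDir"),
]


if __name__ == "__main__":
    for pid, names in triage(SAMPLE_EVENTS).items():
        print(pid)
        for n in names:
            print("  -", n)
```

Registry reads (the BIOS and EnableLUA queries) only appear in an API trace or ETW registry provider, not in Sysmon, which records value writes; the BIOS check is the one that most often distinguishes sandbox-aware samples, so a host-side version of these rules should source read events before trusting a negative result.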

MITRE ATT&CK Matrix

  Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation