General

  • Target

    92fa967b880035072db26c33f6d5f724c813c5fbc6436778577d43b69144c8f9

  • Size

    494KB

  • Sample

    221003-bbgw7abcdq

  • MD5

    63f11ab197651ca23e1dc9348c9fa650

  • SHA1

    76097da39da4dc47999ae0ab9838e993788d7b69

  • SHA256

    92fa967b880035072db26c33f6d5f724c813c5fbc6436778577d43b69144c8f9

  • SHA512

    24901e69d77cb4069dd48990a2ae7029c88e571ff0db25a734ed413bbde2c56db668afa6c545a3a390aafcf01b69eef9571209badce51e3b27241a12a70c570b

  • SSDEEP

    12288:S7zgvLMLKiOiBiOBA6TBwkgqo8njbf5HZ/xB:wzgvLML2cTa6zgH8v1B

Malware Config

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 2

Defense Evasion

  • Modify Registry (T1112): 6

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 4

Tasks