General

  • Target

    92fa967b880035072db26c33f6d5f724c813c5fbc6436778577d43b69144c8f9

  • Size

    494KB

  • Sample

    221003-bbgw7abcdq

  • MD5

    63f11ab197651ca23e1dc9348c9fa650

  • SHA1

    76097da39da4dc47999ae0ab9838e993788d7b69

  • SHA256

    92fa967b880035072db26c33f6d5f724c813c5fbc6436778577d43b69144c8f9

  • SHA512

    24901e69d77cb4069dd48990a2ae7029c88e571ff0db25a734ed413bbde2c56db668afa6c545a3a390aafcf01b69eef9571209badce51e3b27241a12a70c570b

Malware Config

Targets

    • Target

      92fa967b880035072db26c33f6d5f724c813c5fbc6436778577d43b69144c8f9

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation