beatdrop | msvcr170[.]dll

Resubmissions

27-10-2022 16:10

221027-tmrjwacggm 10

21-02-2022 16:53

220221-vecanabffq 8

Sharing

Copy URL

Twitter E-mail

General

Target

msvcr170.dll
Size

250KB
MD5

6ac740ebf98df7217d31cb826a207af6
SHA1

6bf6fc77b10f6700fa0b868f6d3515b495d1e1e0
SHA256

2f11ca3dcc1d9400e141d8f3ee9a7a0d18e21908e825990f5c22119214fbb2f5
SHA512

e0d57245047e3689f4804ed75dfcf9b1468473952a5a6bdab5ff164af1b3e5fc220ba0d737a53cb3f8318e10ef42c3ff5a5763487e2b10c785aab14eacbcde5c
SSDEEP

6144:Lo77pPOYfVtaoP/IbI9ezw79SycUB0Xy:LolfHHPQ6Sywi

Score

10^/10

beatdrop

Malware Config

Signatures

Beatdrop family
beatdrop
Detects BEATDROP loader 1 IoCs

Processes:

resource yara_rule

sample family_beatdrop

resource	yara_rule
sample	family_beatdrop

Files

msvcr170.dll
.dll windows x64

8d9e46cd144e8903cb32b998390c2389

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
CreateFileA
CreateFileMappingA
CreateProcessA
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetComputerNameExA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetThreadContext
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAllocEx
VirtualProtect
VirtualProtectEx
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_assert
_ctime64
_errno
_initterm
_lock
_unlock
abort
calloc
fclose
fopen
fputc
fputs
free
fwrite
islower
isspace
isupper
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
realloc
signal
sprintf
strcmp
strerror
strlen
strncmp
vfprintf
wcslen
_write
_read
_fileno

psapi

GetModuleInformation

shell32

SHGetFolderPathA

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

ws2_32

WSAStartup
gethostbyname
gethostname
inet_ntoa

Exports

Exports

CRTRuntimePPLLock

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

8d9e46cd144e8903cb32b998390c2389

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

psapi

shell32

wininet

ws2_32

Exports

Exports

Sections

.text Size: 183KB - Virtual size: 182KB

.data Size: 512B - Virtual size: 464B

.rdata Size: 33KB - Virtual size: 33KB

.pdata Size: 11KB - Virtual size: 11KB

.xdata Size: 13KB - Virtual size: 12KB

.bss Size: - Virtual size: 5KB

.edata Size: 512B - Virtual size: 81B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 183KB - Virtual size: 182KB

.data
Size: 512B - Virtual size: 464B

.rdata
Size: 33KB - Virtual size: 33KB

.pdata
Size: 11KB - Virtual size: 11KB

.xdata
Size: 13KB - Virtual size: 12KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 81B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB