General

  • Target

    fadd1a606ad058dc3878df48fd98d2f273202b3996ea64be97a868ddd95f19ca

  • Size

    285KB

  • Sample

    221126-12c4cscd3z

  • MD5

    2a80a6f81bdf0a1bb8e0006ce9defcc8

  • SHA1

    c1167ad9908cf4db0374898aef4252913e3b3baa

  • SHA256

    fadd1a606ad058dc3878df48fd98d2f273202b3996ea64be97a868ddd95f19ca

  • SHA512

    8aa26b9782d30c912da7bdc0ba47abb386807881502540869f348b9f5234179b60ac79565312bb4bbf68b768f9465dfcdde7b7aa0173b8d0f39ff5e1404c8978

  • SSDEEP

    6144:KAsBZazU5uZugbr2aF8Y7sXy2V68qZpd60m+Bw0BDMHWafHz9df:xUWHX2ahYg8qZpomBDOfHXf

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    T1031 Modify Existing Service (1)
    T1060 Registry Run Keys / Startup Folder (2)

  • Defense Evasion

    T1112 Modify Registry (6)

  • Discovery

    T1012 Query Registry (3)
    T1082 System Information Discovery (5)
