General

  • Target

    e2a54aa5e3240dc68e43f5920d4dd5b9243aa428290529bdda008ec68cea14ce

  • Size

    276KB

  • Sample

    221127-dmancsee88

  • MD5

    29bd9a2961addf43a57c62691fdd205b

  • SHA1

    e9e621fc47efad45443fa1327327e279b39322e4

  • SHA256

    e2a54aa5e3240dc68e43f5920d4dd5b9243aa428290529bdda008ec68cea14ce

  • SHA512

    8085ea3866515e295ca1582bdacd0f7973d3ac5b643f5d80dcc9114f9cd60ffd65e2e685a7e6497d1df323a83fc965438fb202ad791fe7a9eb3cfd015164c335

  • SSDEEP

    6144:g7ibPRDETCOx84EHACTaKYiXyF5HQ+Ksm1VdScmpn:gmbPRDTS8Acjm5HQ+K4

Malware Config

Targets

    • Target

      e2a54aa5e3240dc68e43f5920d4dd5b9243aa428290529bdda008ec68cea14ce

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service (T1031): 1

  • Registry Run Keys / Startup Folder (T1060): 2

Defense Evasion

  • Modify Registry (T1112): 6

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 4

Tasks