General

  • Target

    4a1da031313919a6c6553d6608869a46f45c81f68290629497f1122615d1a7cf

  • Size

    315KB

  • Sample

    221127-p73qeshf94

  • MD5

    6a862dc51bdf3cb9cbcff57bb592546c

  • SHA1

    51f4bce1b1196e85146bec83a6549763af3f334c

  • SHA256

    4a1da031313919a6c6553d6608869a46f45c81f68290629497f1122615d1a7cf

  • SHA512

    14d8ae5a44e1e1ca0c72e2cb0763f32b24698c0e1219c1e6c6d4b47874f5908678694501e3d20ba0eff149c8c0b0a79447adcddca0f8d665472947edc1f0e267

  • SSDEEP

    6144:OAsBZxLA8ivLPhyqaShRf9OpRb9tDia3BjoybPDhk8Ni6F9D3qAPqUvtPTiI:SL7iTPhbAp9rznbr5i6F9TFLiI

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
