beapy | fa0978b3d14458524bb235d6095358a27af9f2e9281be7cd0eb1a4d2123a8330 | Triage

Submit
Reports

Overview

overview

Static

static

3

fa0978b3d1...30.exe

windows7-x64

fa0978b3d1...30.exe

windows10-2004-x64

7

Sharing

General

Target

fa0978b3d14458524bb235d6095358a27af9f2e9281be7cd0eb1a4d2123a8330
Size

6.6MB
Sample

221130-w952wseb95
MD5

470b4f5bc84db74ab1935186a3b5219f
SHA1

522da30dadf030861e51da3efaf25ea0e0619206
SHA256

fa0978b3d14458524bb235d6095358a27af9f2e9281be7cd0eb1a4d2123a8330
SHA512

09ec3a279665fd9f38a488a39891085c52580d3eb63cb30c648236fe9cbb332a03a0d087f70fa34e633baba774080c73784ffeabf396081fe85152bd06b900fe
SSDEEP

196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKaz:kfauN/HYOSIT/EVF9

Score

10^/10

beapy discovery miner pyinstaller worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fa0978b3d14458524bb235d6095358a27af9f2e9281be7cd0eb1a4d2123a8330.exe

Resource

win7-20220812-en

beapy discovery miner worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa0978b3d14458524bb235d6095358a27af9f2e9281be7cd0eb1a4d2123a8330.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa0978b3d14458524bb235d6095358a27af9f2e9281be7cd0eb1a4d2123a8330
- Size
  
  6.6MB
- MD5
  
  470b4f5bc84db74ab1935186a3b5219f
- SHA1
  
  522da30dadf030861e51da3efaf25ea0e0619206
- SHA256
  
  fa0978b3d14458524bb235d6095358a27af9f2e9281be7cd0eb1a4d2123a8330
- SHA512
  
  09ec3a279665fd9f38a488a39891085c52580d3eb63cb30c648236fe9cbb332a03a0d087f70fa34e633baba774080c73784ffeabf396081fe85152bd06b900fe
- SSDEEP
  
  196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKaz:kfauN/HYOSIT/EVF9
Score

10^/10

beapy discovery miner worm
- Beapy
  Beapy is a python worm with crypto mining capabilities.
  miner worm beapy
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Account Manipulation

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

beapydiscoveryminerworm

behavioral2

© 2018-2024

Terms | Privacy