Overview

overview

8

Static

static

3

beetle-cab/7za.exe

windows7-x64

1

beetle-cab/7za.exe

windows10-2004-x64

1

beetle-cab/start.cmd

windows7-x64

8

beetle-cab/start.cmd

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    beetle-cab.zip

  • Size

    12.5MB

  • Sample

    230724-lqhgdacf7x

  • MD5

    2b39268d3912d7c7593ff6d084194752

  • SHA1

    4b07f662a4eabcb278f44a4d096b9311f3a19ab9

  • SHA256

    923faf9be90c798cd970f8406c0694da3c9b3bc66cc6ec436709f5aeab82a2f4

  • SHA512

    09e6bad0b41d6be8d4e8f4c6f7d4a459a90746baee304fcb73f48e19f4070dd02eb88839a830d757cbef969599dab24099d7d1a010965f3385371cd0b9888a1e

  • SSDEEP

    196608:nPrTLmLqMjIUgWviRDgRgNZpLnv8/uKVIG4bY1dxVfZlJx7mhjML:nP6LlgWviRhNgG0dx1dfZ79mhYL

Score
8/10
discoveryevasionupx

Malware Config

Targets

    • Target

      beetle-cab/7za.exe

    • Size

      796KB

    • MD5

      90aac6489f6b226bf7dc1adabfdb1259

    • SHA1

      c90c47b717b776922cdd09758d2b4212d9ae4911

    • SHA256

      ba7f3627715614d113c1e1cd7dd9d47e3402a1e8a7404043e08bc14939364549

    • SHA512

      befaa9b27dc11e226b00a651aa91cbfe1ec36127084d87d44b6cd8a5076e0a092a162059295d3fcd17abb6ea9adb3b703f3652ae558c2eef4e8932131397c12d

    • SSDEEP

      24576:HWdp+y7/ya3yc7tfBA6rDUzfKrBxEATB:up+fa3rLA6s+/

    Score
    1/10
    behavioral1behavioral2

    • Target

      beetle-cab/start.cmd

    • Size

      86B

    • MD5

      232ebf167ea35163ea69a1570be7b03e

    • SHA1

      b8bc8c8b3f9ebf83ec43244a934389bd98849a0a

    • SHA256

      030ee398e53caf0928e757162f3c7be7d593a59dde2795991ec7e4fd8e71f2e3

    • SHA512

      efe7d716b4c2553b1dc295271b1bb32fccf12e2b64e6de7adbf5f8284bdee1c3a92b5a227c46a6bff6c1298d2e7319b73b7a75651710cad84564f0c4ec4c917f

    Score
    8/10
    discoveryevasionupx

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks