beapy | ef23f59e2d240e13e9e8d711a13b75e8941cbe412b88220e962ab313716af96d | Triage

Submit
Reports

Overview

overview

Static

static

3

Guide_Mining.exe

windows7-x64

Guide_Mining.exe

windows10-2004-x64

Sharing

General

Target

Guide_Mining
Size

6.6MB
Sample

231113-lazqqacb72
MD5

3c4e61f097bc2ff5efa6f56f07560abc
SHA1

4d32b5ca5daaa79db724d1b7c7abd53165f8c675
SHA256

ef23f59e2d240e13e9e8d711a13b75e8941cbe412b88220e962ab313716af96d
SHA512

8e6c0f3b1642656966d36cdc71d9dc3bbcb30b5c590d8dfcfae0d90002733ef40319baa361565106be999465c3f71f3318514782b634c1b73a718a0306580cc8
SSDEEP

196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazf:kfauN/HYOSIT/EVF9j

Score

10^/10

beapy mimikatz discovery evasion miner pyinstaller worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Guide_Mining.exe

Resource

win7-20231023-en

beapy mimikatz discovery evasion miner worm

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Guide_Mining.exe

Resource

win10v2004-20231023-en

beapy mimikatz discovery miner worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Guide_Mining
- Size
  
  6.6MB
- MD5
  
  3c4e61f097bc2ff5efa6f56f07560abc
- SHA1
  
  4d32b5ca5daaa79db724d1b7c7abd53165f8c675
- SHA256
  
  ef23f59e2d240e13e9e8d711a13b75e8941cbe412b88220e962ab313716af96d
- SHA512
  
  8e6c0f3b1642656966d36cdc71d9dc3bbcb30b5c590d8dfcfae0d90002733ef40319baa361565106be999465c3f71f3318514782b634c1b73a718a0306580cc8
- SSDEEP
  
  196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazf:kfauN/HYOSIT/EVF9j
Score

10^/10

beapy mimikatz discovery evasion miner worm
- Beapy
  Beapy is a python worm with crypto mining capabilities.
  miner worm beapy
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Contacts a large (3313) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (8384) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- mimikatz is an open source tool to dump credentials on Windows
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Account Manipulation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

beapymimikatzdiscoveryevasionminerworm

behavioral2

beapymimikatzdiscoveryminerworm

© 2018-2025

Terms | Privacy