beapy | 2d95a0201b312eaa64bd1e481f53f141a62fd8336655cd60e10c2e54557db214 | Triage

Submit
Reports

Overview

overview

Static

static

3

bCddrx.exe

windows7-x64

bCddrx.exe

windows10-2004-x64

Sharing

General

Target

2d95a0201b312eaa64bd1e481f53f141a62fd8336655cd60e10c2e54557db214
Size

6.5MB
Sample

240123-lktbpahbcn
MD5

13ab9b13e67b3b4389f688224f1fbf36
SHA1

c513c94280532e70429bddbde593556bcb4ecb55
SHA256

2d95a0201b312eaa64bd1e481f53f141a62fd8336655cd60e10c2e54557db214
SHA512

078de25504e5cbcc8c220539b7f2e8fc38b4df15032ea193509eb605e6e34bb1eb9165fcf4ec0046aaad8f47ebdb710acb23ef1e96e2b047a14abefff0aedbbb
SSDEEP

196608:VqUZ/P/pRnYOfD73s15PpmXgagoDvs4faJCD0RWz1Uq6X:7vHH8Qgfo7sWOCr19a

Score

10^/10

beapy mimikatz discovery evasion miner pyinstaller worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bCddrx.exe

Resource

win7-20231129-en

beapy mimikatz discovery evasion miner pyinstaller worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

bCddrx.exe

Resource

win10v2004-20231215-en

beapy mimikatz discovery miner worm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  bCddrx.exe
- Size
  
  6.6MB
- MD5
  
  fa8a122e30dff9097055c2766dbf1b33
- SHA1
  
  4a9efd5b753c6464403feb3c95d3cbe2ccac4980
- SHA256
  
  36c51a4e267fb9f2a32254e1012c47375c8d2bb75f8e7719f4b4bfaa026f3caf
- SHA512
  
  aef6e306b6c68316492cf077292d013570d5dc4ffe3a57128563af306e2269243a386c2585c6eafc2efc3ac8fb63309ad3f88f2020da260fa4147657d597282a
- SSDEEP
  
  196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazL:kfauN/HYOSIT/EVF9n
Score

10^/10

beapy mimikatz discovery evasion miner pyinstaller worm
- Beapy
  Beapy is a python worm with crypto mining capabilities.
  miner worm beapy
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Contacts a large (9655) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- mimikatz is an open source tool to dump credentials on Windows
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Command and Scripting Interpreter

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

beapymimikatzdiscoveryevasionminerpyinstallerworm

behavioral2

beapymimikatzdiscoveryminerworm

© 2018-2024

Terms | Privacy