beatdrop | 5f01eb447cb63c40c2d923b15c5ecb5ba47ea72e600797d5d96e228f4cf13f13

Sharing

Copy URL

Twitter E-mail

General

Target

5f01eb447cb63c40c2d923b15c5ecb5ba47ea72e600797d5d96e228f4cf13f13
Size

247KB
MD5

c4df0507f56e30b264c848c6096b69ae
SHA1

09841dc9c6f1d2e38d104da514901fbcd028a8f9
SHA256

5f01eb447cb63c40c2d923b15c5ecb5ba47ea72e600797d5d96e228f4cf13f13
SHA512

56a9778bdc8a8c86a3947594502ec46136cf4ed9c7bdc71c15630659b4c310bc42a89a995a192fbde0b29f3c8cd0c31a2fd50e10cffde11b5a74fb8eadd8df92
SSDEEP

6144:Kw7pPIEmwwD8xijj1WSo0+doNzpCUBlHI:kEmfAM1+doXHI

Score

10^/10

beatdrop

Malware Config

Signatures

Beatdrop family
beatdrop

Detects BEATDROP loader 1 IoCs

resource	yara_rule
sample	family_beatdrop

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f01eb447cb63c40c2d923b15c5ecb5ba47ea72e600797d5d96e228f4cf13f13

Files

5f01eb447cb63c40c2d923b15c5ecb5ba47ea72e600797d5d96e228f4cf13f13
.dll windows:4 windows x64 arch:x64

9b75c715589663e6b77818c77bb8e429

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameA

kernel32

CloseHandle
CreateFileA
CreateFileMappingA
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetComputerNameExA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetThreadContext
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteProcessMemory

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_assert
_ctime64
_errno
_initterm
_lock
_unlock
abort
calloc
fclose
fopen
fputc
fputs
free
fwrite
islower
isspace
isupper
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
realloc
signal
sprintf
strcmp
strerror
strlen
strncmp
vfprintf
wcslen
_write
_read
_fileno

psapi

GetModuleInformation

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

ws2_32

WSAStartup
gethostbyname
gethostname
inet_ntoa

Exports

Exports

Trello

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b75c715589663e6b77818c77bb8e429

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

psapi

wininet

ws2_32

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 181KB

.data Size: 512B - Virtual size: 464B

.rdata Size: 33KB - Virtual size: 32KB

.pdata Size: 11KB - Virtual size: 11KB

.xdata Size: 13KB - Virtual size: 12KB

.bss Size: - Virtual size: 5KB

.edata Size: 512B - Virtual size: 68B

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 182KB - Virtual size: 181KB

.data
Size: 512B - Virtual size: 464B

.rdata
Size: 33KB - Virtual size: 32KB

.pdata
Size: 11KB - Virtual size: 11KB

.xdata
Size: 13KB - Virtual size: 12KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 68B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 1024B