beatdrop | 95bbd494cecc25a422fa35912ec2365f3200d5a18ea4bfad5566432eb0834f9f | Triage

Sharing

General

Target

95bbd494cecc25a422fa35912ec2365f3200d5a18ea4bfad5566432eb0834f9f
Size

248KB
Sample

240410-p15ansbc7z
MD5

e031c9984f65a9060ec1e70fbb84746b
SHA1

b01950ed9b1929fee04a9c23ac49e3de89e37228
SHA256

95bbd494cecc25a422fa35912ec2365f3200d5a18ea4bfad5566432eb0834f9f
SHA512

5dd1f004516b9fc0f0c36bca22dafaed9103191ebeea291e8d6f32f9b01b77fb18a0c4c5d04bd760a38651380a3680ede8b07f3d522f710b3df228ac8d934a2b
SSDEEP

6144:Gv77pPt5CRJRYHdhtxESU6FmixSG8aKUBYA/D1Q:GvX5C/qdhMZpG8a2A5Q

Score

10^/10

beatdrop loader persistence

Malware Config

Targets

- Target
  
  95bbd494cecc25a422fa35912ec2365f3200d5a18ea4bfad5566432eb0834f9f
- Size
  
  248KB
- MD5
  
  e031c9984f65a9060ec1e70fbb84746b
- SHA1
  
  b01950ed9b1929fee04a9c23ac49e3de89e37228
- SHA256
  
  95bbd494cecc25a422fa35912ec2365f3200d5a18ea4bfad5566432eb0834f9f
- SHA512
  
  5dd1f004516b9fc0f0c36bca22dafaed9103191ebeea291e8d6f32f9b01b77fb18a0c4c5d04bd760a38651380a3680ede8b07f3d522f710b3df228ac8d934a2b
- SSDEEP
  
  6144:Gv77pPt5CRJRYHdhtxESU6FmixSG8aKUBYA/D1Q:GvX5C/qdhMZpG8a2A5Q
Score

10^/10

beatdrop loader persistence
- BEATDROP
  BEATDROP is a loader which uses Atlassian's Trello service as C&C.
  loader beatdrop
- Detects BEATDROP loader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

beatdroploaderpersistence

behavioral2

beatdroploaderpersistence