beatdrop | 8bdd318996fb3a947d10042f85b6c6ed29547e1d6ebdc177d5d85fa26859e1ca

Sharing

Copy URL

Twitter E-mail

General

Target

8bdd318996fb3a947d10042f85b6c6ed29547e1d6ebdc177d5d85fa26859e1ca
Size

247KB
MD5

a0b4e7622728c317f37ae354b8bc3dbb
SHA1

bdfd9f8371e683e9013b74cc61a3583acf9206ad
SHA256

8bdd318996fb3a947d10042f85b6c6ed29547e1d6ebdc177d5d85fa26859e1ca
SHA512

b5c660d3f69f6558c596861ae86731b8c9fa3f064eea0be62be9b20b79d2ffeab98873b72a81fb21b1b2f7c6d979ad42be03d917a52e33456b56a6d7d49a292c
SSDEEP

6144:Kw7pPIEmwwD8xijj1WSo0+doNzpCUBlHe:kEmfAM1+doXHe

Score

10^/10

beatdrop

Malware Config

Signatures

Beatdrop family
beatdrop
Detects BEATDROP loader 1 IoCs

Processes:

resource yara_rule

sample family_beatdrop

resource	yara_rule
sample	family_beatdrop

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8bdd318996fb3a947d10042f85b6c6ed29547e1d6ebdc177d5d85fa26859e1ca

Files

8bdd318996fb3a947d10042f85b6c6ed29547e1d6ebdc177d5d85fa26859e1ca
.dll windows:4 windows x64 arch:x64

9b75c715589663e6b77818c77bb8e429

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameA

kernel32

CloseHandle
CreateFileA
CreateFileMappingA
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetComputerNameExA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetLastError
SetThreadContext
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteProcessMemory

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_assert
_ctime64
_errno
_initterm
_lock
_unlock
abort
calloc
fclose
fopen
fputc
fputs
free
fwrite
islower
isspace
isupper
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
realloc
signal
sprintf
strcmp
strerror
strlen
strncmp
vfprintf
wcslen
_write
_read
_fileno

psapi

GetModuleInformation

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

ws2_32

WSAStartup
gethostbyname
gethostname
inet_ntoa

Exports

Exports

Trello

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b75c715589663e6b77818c77bb8e429

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

psapi

wininet

ws2_32

Exports

Exports

Sections

.text Size: 182KB - Virtual size: 181KB

.data Size: 512B - Virtual size: 464B

.rdata Size: 33KB - Virtual size: 32KB

.pdata Size: 11KB - Virtual size: 11KB

.xdata Size: 13KB - Virtual size: 12KB

.bss Size: - Virtual size: 5KB

.edata Size: 512B - Virtual size: 68B

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 182KB - Virtual size: 181KB

.data
Size: 512B - Virtual size: 464B

.rdata
Size: 33KB - Virtual size: 32KB

.pdata
Size: 11KB - Virtual size: 11KB

.xdata
Size: 13KB - Virtual size: 12KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 68B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 1024B