General

  • Target

    1791f9961bf2f47483340dbf27282628_JaffaCakes118

  • Size

    401KB

  • Sample

    240505-n54z2acf42

  • MD5

    1791f9961bf2f47483340dbf27282628

  • SHA1

    e0595377579cd093ff5caa8bdab5893094d294e5

  • SHA256

    8fc177801ebf737d388b516947106943c8bd3c6b4b3c1ed72486621b617cc397

  • SHA512

    c6e81d0c7389e785d2be6cdafce36bc7c536a983ff178f4bc6f85ea3587ea77336c4db4bc6d375bd0f155b218c3dac65f0f74847f3c0a6b3db6c4f9b83feadf5

  • SSDEEP

    12288:iOn6slzSR6croLZLontmIEGhmdyegN5KD/k:iOn6s06goLkNAPe
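A triage helper for the indicators above, added here as an example (it is not part of the sandbox report). It hashes every file under a directory in one streaming pass and matches the SHA-256 of each against the four values the report lists (the submitted sample and its three dropped files). MD5 is carried only to show the caveat a practitioner wants: an MD5-only match is reported separately rather than as a hit, because MD5 collisions are practical and the SHA-256 is the authoritative indicator. The directory walked and the file names are whatever the caller supplies.

```python
"""Sweep a directory for files matching the report's hash indicators.

Added example, not from the sandbox report. Indicator values are copied from
the report; everything else (paths, verdict names) is this example's own.
"""
import hashlib
import os

# SHA-256 indicators from the report, keyed to the name each file was observed as.
REPORT_SHA256 = {
    "8fc177801ebf737d388b516947106943c8bd3c6b4b3c1ed72486621b617cc397":
        "1791f9961bf2f47483340dbf27282628_JaffaCakes118",
    "a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1":
        "$PLUGINSDIR/System.dll",
    "3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea":
        "$PLUGINSDIR/nsDialogs.dll",
    "eed5d36879e2d0bee35d885b9546772c00d3f34115c4e23916cccfe87e33ea82":
        "$TEMP/fireguard.dll",
}
# MD5 of the main sample, kept only to demonstrate why a weak hash alone is not a match.
REPORT_MD5 = {
    "1791f9961bf2f47483340dbf27282628":
        "1791f9961bf2f47483340dbf27282628_JaffaCakes118",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data):
    """All four digests of an in-memory buffer, as lowercase hex."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digest_file(path, chunk=1 << 20):
    """Hash a file once, feeding every algorithm from the same read loop."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def match(digests):
    """Return (verdict, indicator name).

    SHA-256 is authoritative. A file whose MD5 matches but whose SHA-256 does
    not is reported as 'md5-only' so the analyst can look at it, not as a hit.
    """
    name = REPORT_SHA256.get(digests["sha256"])
    if name:
        return "match", name
    name = REPORT_MD5.get(digests["md5"])
    if name:
        return "md5-only", name
    return "clean", None


def sweep(root):
    """Walk root and return [(path, verdict, name)] for everything not clean."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            try:
                verdict, name = match(digest_file(p))
            except OSError:  # unreadable or vanished file: skip, keep sweeping
                continue
            if verdict != "clean":
                findings.append((p, verdict, name))
    return findings


if __name__ == "__main__":
    import sys
    for path, verdict, name in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:8} {path} ({name})")
```

Run it as `python sweep.py <directory>`; the SSDEEP values from the report are deliberately not used here, since fuzzy-hash similarity needs the ssdeep library and a similarity threshold, and a fuzzy match is a lead rather than an indicator match.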

Targets

    • Target

      1791f9961bf2f47483340dbf27282628_JaffaCakes118

    • BetaBot

      Beta Bot (also tracked as Neurevt) is a Trojan that disables antivirus products on the host it infects.

    • Modifies firewall policy service

      The sample alters the Windows Firewall policy, typically by writing under the SharedAccess service's FirewallPolicy registry key (HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy).

    • Sets file execution options in registry

      Writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. A Debugger value in a subkey named after an executable makes Windows start the named program instead whenever that executable is launched, which malware abuses to neutralise security tools or to gain persistence.

    • Checks BIOS information in registry

      BIOS strings under HKLM\HARDWARE\DESCRIPTION\System (for example SystemBiosVersion and VideoBiosVersion) are often read to detect sandbox or virtual machine environments, because on VMware, VirtualBox or QEMU guests they carry the hypervisor vendor's name.

    • Loads dropped DLL

      The sample writes DLLs to disk and then loads them; the dropped files listed below ($PLUGINSDIR/System.dll, $PLUGINSDIR/nsDialogs.dll and $TEMP/fireguard.dll) are the candidates. The two $PLUGINSDIR files are standard NSIS installer plugins, which indicates the sample is packaged as an NSIS installer and explains their low scores.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread is called with the ThreadHideFromDebugger information class (0x11), which stops the thread from delivering debug events to an attached debugger; this is an anti-debugging technique.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fbe295e5a1acfbd0a6271898f885fe6a

    • SHA1

      d6d205922e61635472efb13c2bb92c9ac6cb96da

    • SHA256

      a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

    • SHA512

      2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

    • SSDEEP

      192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      ab101f38562c8545a641e95172c354b4

    • SHA1

      ec47ac5449f6ee4b14f6dd7ddde841a3e723e567

    • SHA256

      3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea

    • SHA512

      72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037

    • SSDEEP

      96:o3W4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4K8qndYv0PLE:o3p3ggQF8REskpxZdO0PLE

    Score
    3/10
    • Target

      $TEMP/fireguard.dll

    • Size

      69KB

    • MD5

      0b5dbd2725bc7b0697f9ddeab360920f

    • SHA1

      5b3feef13a8932f40cb6a55e6ca0df39cdc731b3

    • SHA256

      eed5d36879e2d0bee35d885b9546772c00d3f34115c4e23916cccfe87e33ea82

    • SHA512

      773a51541bd7c5f6ee1817b78ad156a8c81c060bc030a0b1f232ddcecabc873ae06b46fd038d44060ad283fd27137ef67854e18fd611157e828b5d8c0b5a6ac9

    • SSDEEP

      768:h2l32rOdVMYGFeJ8md+WOOeNS01MVV8FJSaBRAOa66k4fTEbge:FriRN+WSDUG3pBf6boM

    Score
    3/10
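An added example, not the sandbox's own signature engine, showing what each behavioural signature reported for the main target keys on: a small Python classifier that reads an API trace and raises the five signatures (IFEO write, firewall policy write, BIOS registry read, NtSetInformationThread with ThreadHideFromDebugger, and a LoadLibrary of a file the process itself wrote). The trace line format, the process id, the file paths and the IFEO subkey name avtool.exe are placeholders constructed for this example; the registry locations and the information-class value 0x11 are the standard Windows ones the signatures describe.

```python
"""Classify a sandbox API trace against the report's behavioural signatures.

Added example. The "<pid> <api>(<args>) => <return>" line format is constructed
for illustration and is not the sandbox's real trace format.
"""
import re

IFEO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
FIREWALL_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS passed to NtSetInformationThread

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)\s*=>\s*(\S+)$")


def split_args(text):
    """Split a comma-separated argument list, keeping commas inside quotes."""
    out, cur, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            out.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if cur or out:
        out.append("".join(cur).strip())
    return out


def parse_line(line):
    """One trace line -> dict, or None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid, api, args, ret = m.groups()
    return {"pid": int(pid), "api": api, "args": split_args(args), "ret": ret}


def _under(path, key):
    return path.lower().startswith(key.lower())


def classify(trace_lines):
    """Return {signature name: [evidence, ...]} for every signature that fired."""
    hits = {}

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    written = set()  # paths the traced process wrote, paired with later loads
    for ev in filter(None, map(parse_line, trace_lines)):
        api, args = ev["api"], ev["args"]
        if api in ("RegSetValueExW", "RegCreateKeyExW") and args:
            if _under(args[0], IFEO_KEY):
                hit("Sets file execution options in registry", args[0])
            if _under(args[0], FIREWALL_KEY):
                hit("Modifies firewall policy service", args[0])
        elif api == "RegQueryValueExW" and len(args) >= 2:
            if args[0].lower() == BIOS_KEY.lower() and args[1].lower() in BIOS_VALUES:
                hit("Checks BIOS information in registry", args[1])
        elif api == "NtSetInformationThread" and len(args) >= 2:
            if int(args[1], 0) == THREAD_HIDE_FROM_DEBUGGER:
                hit("Suspicious use of NtSetInformationThreadHideFromDebugger", args[0])
        elif api == "WriteFile" and args:
            written.add(args[0].lower())
        elif api in ("LoadLibraryW", "LoadLibraryExW") and args:
            if args[0].lower() in written:
                hit("Loads dropped DLL", args[0])
    return hits


def fired(trace_lines):
    """Sorted names of the signatures that fired."""
    return sorted(classify(trace_lines))


# Constructed trace, not output from the analysed sample; pid, paths and the
# IFEO subkey avtool.exe are placeholders. The last two lines are negative controls.
SAMPLE_TRACE = r"""
1234 RegQueryValueExW("HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion") => 0
1234 RegQueryValueExW("HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion") => 0
1234 NtSetInformationThread(0xfffffffe, 0x11, 0x0, 0x0) => 0
1234 WriteFile("C:\Users\user\AppData\Local\Temp\fireguard.dll") => 1
1234 LoadLibraryW("C:\Users\user\AppData\Local\Temp\fireguard.dll") => 0x10000000
1234 RegSetValueExW("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avtool.exe", "Debugger") => 0
1234 RegSetValueExW("HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile", "EnableFirewall") => 0
1234 RegQueryValueExW("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion", "ProgramFilesDir") => 0
1234 NtSetInformationThread(0xfffffffe, 0x2, 0x0, 0x0) => 0
""".strip().splitlines()


if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
```

The BIOS check matches only reads of the specific value names, and the ThreadHideFromDebugger check matches only information class 0x11, so ordinary registry enumeration and other NtSetInformationThread calls (the two control lines at the end of the trace) do not fire; a real engine would additionally tie the dropped-DLL pairing to the writing process rather than to a single global set.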

MITRE ATT&CK Enterprise v15
