General

  • Target: 216de5915990a2a480f7d30f2f81da8f_JaffaCakes118
  • Size: 945KB
  • Sample: 240507-ycp1hscb5x
  • MD5: 216de5915990a2a480f7d30f2f81da8f
  • SHA1: 919a8aa62096c5e436bf998be9b9b33b42fb211e
  • SHA256: 4a833b842da4b80715e9b02dc862fc3fd5fcda28a0e559e982876d024262b7f7
  • SHA512: 3338a2e81fa7a6789b6c0493df68e753e6179b8f84f004d7afe18f6126f01b2638195076370bf1d8c79757841b8254753578095c4c45178f644df23e283aa657
  • SSDEEP: 24576:TElnUTShxtgQAHPFUKxc5u8HqnmTp14UPfQ3:gwShEQAgTCC4UQ3

Malware Config

Targets

    • Target: Plugins/CmdBar.dll
    • Size: 63KB
    • MD5: 6c7ba28fd1aacd8c4f5c46f76b855199
    • SHA1: c908a3763dda6ed0bc59a3030e080852a15fc6ec
    • SHA256: f9cf91a8c49149c7b05f61185a869af9878a73a19905bad07fa7ac83fe4ed46e
    • SHA512: 25854d739fdb61a925f4a2f97f01201c10f1d2286239a0d291a6c1003404d50f43934399cab7d2dc338c43b10eca7f937c4bcd047e279b474909689a83f5405c
    • SSDEEP: 1536:v2kXPRaKjgeTmBsrZWdpIty325HS67wGsGYtI:v24RF3Hw3EHSk
    • Score: 1/10

    • Target: betab.exe
    • Size: 407KB
    • MD5: 0837a200fd5a11fab728f51384eb8cce
    • SHA1: 7133b6733d36d28aa19b9366689845b356f2b9fd
    • SHA256: 2701eb12bc858772f0fbb29b7c18c4780afecba78e778f4363a78fc8b39feb48
    • SHA512: 176903813e8b28327f671ee4429a3ab51899e446c63cc84d182cbb6ebe68a85b61e22a83696b9b01e5cb251e7fcaa58c296b237a965045832568eda9b727a86f
    • SSDEEP: 12288:qAz8w1X6aftpy7rqvDTdV9Jjg0/9N+5Ct:9zlmroh3JgQAe

    • BetaBot: Beta Bot is a Trojan that infects computers and disables antivirus software.
    • Modifies firewall policy service
    • Sets file execution options in registry
    • Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: #/1.exe
    • Size: 255KB
    • MD5: 9c94decb82adea9cf528ddb56ff5fef1
    • SHA1: d0d3dfb1ea87ea5a72a8e759e35c4bdaed4cfabb
    • SHA256: 2a59aa5d2ed61d359908f7cf6c8b099104627869c778a61d92201f392e7aa85e
    • SHA512: 3ab32bb2abb5b92e49cc322d29f0bdbc8de79aace3782bd30079455ffcc6f07ecd7c8d10522c0fce07dade813219886fdab7f8ff9e91685a2af42e22302e393c
    • SSDEEP: 6144:ncqADmbF+RqbtApizLipXdVpDUebo2xZwTWVbkz8kS:cSZtb+88V7BxqCVozu
    • Score: 1/10

    • Target: #/2.exe
    • Size: 186KB
    • MD5: 5adfa47d7c60b040350f0030c73e4a8f
    • SHA1: cd396b9c81718a20f34413f73082690051a708e3
    • SHA256: e1014e6e143d5bd95b776777c730ec7c5ba67b82d9e60e78c28ff9eebb3ea2b8
    • SHA512: ffd7f515cd3670bd66ed096e77b9845d5e3566ff12755a1ab870dceff3d9d5081e518c5da72f6821727de2ead7d5df18246786968c9abb514a0699992e4a084a
    • SSDEEP: 3072:5xSf/XWFvPUpUKoRu1sV6O74201OkV4roT:5xkii+u1sLSVd
    • Score: 1/10

    • Target: ioncube_loader_lin_5.4.so
    • Size: 1.4MB
    • MD5: 6b11f7714b5c2ab686174db25c195dfa
    • SHA1: 769a7b3add9126d661ff0908373e8296d47be5a8
    • SHA256: 47fdce30362343e00705e50c7c7bebf1c48b929fec69b04bdb6742c185083d5e
    • SHA512: c7ce4f80fddbff16a762391fc7c6f238065f60bf92dc5e4a2139ad0b0c3d49a1fcb2df11acd5e4c66bed7f5cbae69d794c03d4ac37699a73d45d8d329ad51a03
    • SSDEEP: 24576:Dbu1ChR4izjiyuppS0sPuWHIhiLHY1dME7jawfg4TqioJtK1W425T:xR/78dsPuWo91H7mV4Tf2
    • Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  • Create or Modify System Process (T1543): 1
    • Windows Service (T1543.003): 1
  • Boot or Logon Autostart Execution (T1547): 2
    • Registry Run Keys / Startup Folder (T1547.001): 2

Privilege Escalation
  • Create or Modify System Process (T1543): 1
    • Windows Service (T1543.003): 1
  • Boot or Logon Autostart Execution (T1547): 2
    • Registry Run Keys / Startup Folder (T1547.001): 2

Defense Evasion
  • Modify Registry (T1112): 6

Discovery
  • Query Registry (T1012): 3
  • System Information Discovery (T1082): 5

Tasks