beapy | 126dddc6b55c4faeb42f92834ed97a89a1d085233b3fb46a70ee09240405890d | Triage

Submit
Reports

Overview

overview

Static

static

3

914596a5fa...cs.exe

windows7-x64

914596a5fa...cs.exe

windows10-2004-x64

Sharing

General

Target

914596a5fa092ea63fd3d3e4e9a1dfd0_NeikiAnalytics
Size

6.6MB
Sample

240516-edd5vsag8s
MD5

914596a5fa092ea63fd3d3e4e9a1dfd0
SHA1

8e2609c6c5f19dc56f6a891ee2267bdb70e7188d
SHA256

126dddc6b55c4faeb42f92834ed97a89a1d085233b3fb46a70ee09240405890d
SHA512

515ff0a5067ffe02ae681251d3670e9a2037d95aa6f85f3558cde2eabb45760d8826a781083e2dbd566915973278ccad430ea55ceb69c4e8b162340f5187353b
SSDEEP

196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazr:kfauN/HYOSIT/EVF9v

Score

10^/10

beapy mimikatz discovery evasion miner pyinstaller worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

914596a5fa092ea63fd3d3e4e9a1dfd0_NeikiAnalytics.exe

Resource

win7-20240221-en

beapy mimikatz discovery evasion miner pyinstaller worm

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

914596a5fa092ea63fd3d3e4e9a1dfd0_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

beapy mimikatz discovery miner worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  914596a5fa092ea63fd3d3e4e9a1dfd0_NeikiAnalytics
- Size
  
  6.6MB
- MD5
  
  914596a5fa092ea63fd3d3e4e9a1dfd0
- SHA1
  
  8e2609c6c5f19dc56f6a891ee2267bdb70e7188d
- SHA256
  
  126dddc6b55c4faeb42f92834ed97a89a1d085233b3fb46a70ee09240405890d
- SHA512
  
  515ff0a5067ffe02ae681251d3670e9a2037d95aa6f85f3558cde2eabb45760d8826a781083e2dbd566915973278ccad430ea55ceb69c4e8b162340f5187353b
- SSDEEP
  
  196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazr:kfauN/HYOSIT/EVF9v
Score

10^/10

beapy mimikatz discovery evasion miner pyinstaller worm
- Beapy
  Beapy is a python worm with crypto mining capabilities.
  miner worm beapy
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Contacts a large (7368) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- mimikatz is an open source tool to dump credentials on Windows
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Command and Scripting Interpreter

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

beapymimikatzdiscoveryevasionminerpyinstallerworm

behavioral2

beapymimikatzdiscoveryminerworm

© 2018-2024

Terms | Privacy