General

  • Target

    648dcef19bfcb78f42b17442c9546db4_JaffaCakes118

  • Size

    292KB

  • Sample

    240521-ylf4zagf8t

  • MD5

    648dcef19bfcb78f42b17442c9546db4

  • SHA1

    e82e601a066cc4f68d568740171247fdabd0d77f

  • SHA256

    24f8ecc0a4f1dc86f9b9d2dd58d2fdbf6fc51deb617d63d5076ea94a5e1c5fe6

  • SHA512

    c50afb3eecfccf1e6224921381f06ee69a01c948e2968863d9f74f653bf27aebe7032a049f57c9ea1dbe6eb2e1f2745f7c65adde00feb07e5c3ce6de3051e314

  • SSDEEP

    6144:u+kAr8XmW9K7YBddThv2XHYN/e1l8D1QTwme:u+k7Ww8y2XHe/eHPI

Malware Config

Targets

    • Target

      648dcef19bfcb78f42b17442c9546db4_JaffaCakes118


    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Modifies firewall policy service

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                             Count  ID
Persistence           Create or Modify System Process       1      T1543
Persistence           Windows Service                       1      T1543.003
Persistence           Boot or Logon Autostart Execution     2      T1547
Persistence           Registry Run Keys / Startup Folder    2      T1547.001
Privilege Escalation  Create or Modify System Process       1      T1543
Privilege Escalation  Windows Service                       1      T1543.003
Privilege Escalation  Boot or Logon Autostart Execution     2      T1547
Privilege Escalation  Registry Run Keys / Startup Folder    2      T1547.001
Defense Evasion       Modify Registry                       6      T1112
Discovery             Query Registry                        3      T1012
Discovery             System Information Discovery          4      T1082

Tasks