General
-
Target
BETA Ex3cutor [by ryosx] ByfronBypass.zip
-
Size
9.5MB
-
Sample
240522-1979gaba6z
-
MD5
7aa0295f329b0748434c673d0f04a707
-
SHA1
12dea3092c00d8e8212f133e1cf47ba30403baf6
-
SHA256
ed26db0da7361601cfab62429672a35be01ad8579f9ad6ba004442c6942d07ee
-
SHA512
f867db7abb136a552ab3f161722bdea8203f2039a367b1af9922965eac5caed992b8032666500c15c06bef53f89615565b87abfd799be64a1acbd2423e5f8644
-
SSDEEP
196608:IY0XaSXkMTB+zyGJtU6z8kAkNPSUJDkoe6/iFeTB1wbRJGH:7EadyAtU6YkAkNReoeDE1wrM
Malware Config
Extracted
lumma
Targets
-
-
Target
BETA/BETA Executor V3.1.exe
-
Size
200.0MB
-
MD5
e8c4b28ff455621e8722b30ce960d53f
-
SHA1
79feff13fb183a97e0c12690f3df75affa4c9063
-
SHA256
5d4a1d9250a57c5f889ee37a8262bd850bf7ac50e7bc82588b22d2ea3ac36166
-
SHA512
8766dc59c0584cf78fa8f1d884d2ae575f39691b6a1641e2bf32aae713e7c365404c7b400842b24167b2d47503fe868b1e88d8c34e3331ea4204beb5c5cd894f
-
SSDEEP
24576:FzO9QInrUh4tZvrF08jgLCZ3oIaozZ9G6BrgLCWK47m:gnhZv/jg2ZQolNrgL9K4K
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-