Overview

overview

10

Static

static

3

Propuesta-...19.exe

windows7-x64

10

Propuesta-...19.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6edb21f557456debb935271882eaf43a_JaffaCakes118

  • Size

    540KB

  • Sample

    240524-rzfxsshf95

  • MD5

    6edb21f557456debb935271882eaf43a

  • SHA1

    0857d2e675c1dd3cc7615e89e0af0d07d05aaf29

  • SHA256

    6c0e021da9adc2d96e6cc097a1cd7797308feb5dcff63fce99080674b872f5ea

  • SHA512

    adbb494c2f097b809e8500d6fa87a4dc9f893ae0663f234528500f5ae9466200f2aa2f138fb1d037f7ac2cb6352c841ef8cb325d54acf625366e774d19d30315

  • SSDEEP

    12288:+fSMB/EYA6RovcirhEKwI4sqiYXDg+S8kKJ2cybQ5N+:oOHZtwI4XNjscyIN+

Score
10/10
betabotbackdoorbotnetevasionpersistencetrojan

Malware Config

Targets

    • Target

      Propuesta-estrategia 29-04-2019.exe

    • Size

      829KB

    • MD5

      c5625d3c00e416b314e651b3796ad436

    • SHA1

      47d90e9a8ba657c3bdb2121de6952bffbeb823ec

    • SHA256

      d4c6d32e6565f24f8e724b3b8bc084d7f1a387b4849d7352b1b1aef53ad0f0f9

    • SHA512

      f829e3d78b02abcf0614b954444fec9597adad7d5d8cafe7772f8e53dc89bd43a66dd76a85f183debd483f7343b810422276c64fc5a5fbbb4553e3db8a79694d

    • SSDEEP

      12288:4JypgB94+H6ExSDVjGj6AIoUeM2+Go7INKHu3/Ff/nAPx3cuCMb+raMe+bwvMxQ:jpqVSByj/k73ikxMutQbwUy

    Score
    10/10
    betabotbackdoorbotnetevasionpersistencetrojan

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

      trojanbackdoorbotnetbetabot

    • Modifies firewall policy service

      evasion

    • Sets file execution options in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

6
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks