General
Target: 9ffa193108a51cbc901ffb13a07d70a8_JaffaCakes118
Size: 271KB
Sample: 240612-j1vhksvgna
MD5: 9ffa193108a51cbc901ffb13a07d70a8
SHA1: 7e74cc4561d7b6acd8a5f82e8ed0d0a71813b434
SHA256: 27721c21711b0a8f2ae1d1e1187cf7f61db114255c824d4f26609f291ef35f49
SHA512: 99d0d7cf9e979e6c2ba3eaa9f0d12b1f665feca0eaf07d18316e3ff25acf0f372717eb648fd734fa766de83b0a38662275e68a01eb91bcc110ba7d733818c1d4
SSDEEP: 6144:ocSjxuf1/mO100DbkOiT+ZKyA8pCnjNKWA3OzA7S2XQjQhQwD:+oloWklsRWjHA3frqJwD
Static task: static1
Behavioral task: behavioral1
Sample: 9ffa193108a51cbc901ffb13a07d70a8_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Create or Modify System Process (1)
  - Windows Service (1)