beapy | 9e4bc06a4746f132fcaad9f28e995fb14b941f0fa3ebf2c90ddbf6d248e098cb | Triage

Sharing

General

Target

LisectAVT_2403002A_457.exe
Size

7.9MB
Sample

240725-azntzazfpg
MD5

df7de69ab2314a758f358bbcace32f89
SHA1

1b74178b6adc600bc5b6d32ef2bc5f2dc7b198cd
SHA256

9e4bc06a4746f132fcaad9f28e995fb14b941f0fa3ebf2c90ddbf6d248e098cb
SHA512

5f63c7644ae566cad308c4bd26931f1853cca48fc44788a5d8400d81a89e9bb5ff5876238de688dfd2c23f02c4d5bca0a02fef752dbad4b0319b31cf7b9972bf
SSDEEP

196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazn4Arrk6/rL:kfauN/HYOSIT/EVF90AM6

Score

10^/10

beapy mimikatz defense_evasion discovery evasion miner persistence privilege_escalation pyinstaller worm

Malware Config

Targets

- Target
  
  LisectAVT_2403002A_457.exe
- Size
  
  7.9MB
- MD5
  
  df7de69ab2314a758f358bbcace32f89
- SHA1
  
  1b74178b6adc600bc5b6d32ef2bc5f2dc7b198cd
- SHA256
  
  9e4bc06a4746f132fcaad9f28e995fb14b941f0fa3ebf2c90ddbf6d248e098cb
- SHA512
  
  5f63c7644ae566cad308c4bd26931f1853cca48fc44788a5d8400d81a89e9bb5ff5876238de688dfd2c23f02c4d5bca0a02fef752dbad4b0319b31cf7b9972bf
- SSDEEP
  
  196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazn4Arrk6/rL:kfauN/HYOSIT/EVF90AM6
Score

10^/10

beapy mimikatz defense_evasion discovery evasion miner persistence privilege_escalation pyinstaller worm
- Beapy
  Beapy is a python worm with crypto mining capabilities.
  miner worm beapy
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Contacts a large (9654) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- mimikatz is an open source tool to dump credentials on Windows
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Indicator Removal: Clear Persistence
  Clear artifacts associated with previously established persistence like scheduletasks on a host.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Indicator Removal

Clear Persistence

Credential Access

Discovery

Domain Trust Discovery

Network Service Discovery

Permission Groups Discovery

Domain Groups

Local Groups

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

beapymimikatzdefense_evasiondiscoveryevasionminerpersistenceprivilege_escalationpyinstallerworm

behavioral2

beapymimikatzdiscoveryminerworm