General

  • Target

    c0a8fd9f86b8d624c2da204032901470_JaffaCakes118

  • Size

    643KB

  • Sample

    241204-ebkvmawkbm

  • MD5

    c0a8fd9f86b8d624c2da204032901470

  • SHA1

    85d554691eb3dc82da85bd12adeac8187309bf42

  • SHA256

    29489fcd57f01e72a2a62e67380f59fd380bd9789b7673515ea6117e9119a577

  • SHA512

    d185abb5181d6114a3c6f296ff8e09178f7f5f68d5132b67860ad8a739f851cc16734e8e1ef3c3959f6e4338fbdbf8ff95013715e7294bd68ed8c8e4e8bd8bad

  • SSDEEP

    12288:0cXXraJn2wGkg7MYlIDPvdbtD1OYtkzadWyEZRjZGop1Mjd/94QT:Ji2w/EvOH31Oakz3jxpijd/mW

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Betabot family

    • Modifies firewall policy service

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Indicator Removal: Clear Persistence

      Removes the IFEO (Image File Execution Options) persistence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
