General

  • Target

    c1587515102a00a660b1688218d545f2_JaffaCakes118

  • Size

    498KB

  • Sample

    241204-hlrbyawpbz

  • MD5

    c1587515102a00a660b1688218d545f2

  • SHA1

    5a472b9da22f089d0a9b9e576c256165ac6a2844

  • SHA256

    64efea6bbaca5fcd316083bfa94eeed68751308f228e1f040b0ad4e62169f1ba

  • SHA512

    e175625938e585a93132a572526c22bffe7eae50fc9f51639e78213365df756c062c2a1ac5d0a255f5cffd0cbad0fd99c95dc67f9d96d6f718d1146b4e773bfd

  • SSDEEP

    6144:jd31DD86nRjT3k+g7P2vX0S9Eyjw/Vb9lMGhb9lGhZDah54FKVLrauZYtF18CvVM:jl2ijhM1WjwtbZhb9lOY8+XAtF+Cd/

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

    • Betabot family

    • Modifies firewall policy service

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Indicator Removal: Clear Persistence

      Removes IFEO.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
