General

  • Target

    b18a0411c96c6ac019b62cfc19482928d03a3fccc2e6d626316186b78c835e23

  • Size

    2.2MB

  • Sample

    250311-ejdfhs1vhv

  • MD5

    09a415bd40f5ce80c67030c6e5acd1d8

  • SHA1

    38de73b59e4eff4be48b35534d8eed284228f16b

  • SHA256

    b18a0411c96c6ac019b62cfc19482928d03a3fccc2e6d626316186b78c835e23

  • SHA512

    99916c2eda4739d2576546e184c1e81f0e7790db6befc8f141809f384559677b13c92a91f05c7792a7224ef8734df7a42bf0d71232f02d78f2557cb3b3e89477

  • SSDEEP

    6144:Ht+K0/s9DUu0vlP55/X0i6s5R7n1LU+b:Hp0/YF0dxD6IRT1LU2

Targets

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Betabot family

    • Modifies firewall policy service

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Indicator Removal: Clear Persistence

      Removes IFEO.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
