General
-
Target
b18a0411c96c6ac019b62cfc19482928d03a3fccc2e6d626316186b78c835e23
-
Size
2.2MB
-
Sample
250311-ejdfhs1vhv
-
MD5
09a415bd40f5ce80c67030c6e5acd1d8
-
SHA1
38de73b59e4eff4be48b35534d8eed284228f16b
-
SHA256
b18a0411c96c6ac019b62cfc19482928d03a3fccc2e6d626316186b78c835e23
-
SHA512
99916c2eda4739d2576546e184c1e81f0e7790db6befc8f141809f384559677b13c92a91f05c7792a7224ef8734df7a42bf0d71232f02d78f2557cb3b3e89477
-
SSDEEP
6144:Ht+K0/s9DUu0vlP55/X0i6s5R7n1LU+b:Hp0/YF0dxD6IRT1LU2
Static task
static1
Behavioral task
behavioral1
Sample
b18a0411c96c6ac019b62cfc19482928d03a3fccc2e6d626316186b78c835e23.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b18a0411c96c6ac019b62cfc19482928d03a3fccc2e6d626316186b78c835e23.exe
Resource
win10v2004-20250217-en
Malware Config
Targets
-
-
Target
b18a0411c96c6ac019b62cfc19482928d03a3fccc2e6d626316186b78c835e23
-
Size
2.2MB
-
MD5
09a415bd40f5ce80c67030c6e5acd1d8
-
SHA1
38de73b59e4eff4be48b35534d8eed284228f16b
-
SHA256
b18a0411c96c6ac019b62cfc19482928d03a3fccc2e6d626316186b78c835e23
-
SHA512
99916c2eda4739d2576546e184c1e81f0e7790db6befc8f141809f384559677b13c92a91f05c7792a7224ef8734df7a42bf0d71232f02d78f2557cb3b3e89477
-
SSDEEP
6144:Ht+K0/s9DUu0vlP55/X0i6s5R7n1LU+b:Hp0/YF0dxD6IRT1LU2
-
Betabot family
-
Modifies firewall policy service
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1Clear Persistence
1Modify Registry
5