beapy | a89b31c8a53ae6815016cf05b732a589183a04a67ebc2c2bca1eb52b9245cc5b | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-04-17...er.exe

windows10-2004-x64

2025-04-17...er.exe

windows11-21h2-x64

Sharing

General

Target

2025-04-17_89ee742dc6c08606eb0ea804318d2d09_black-basta_elex_luca-stealer
Size

6.6MB
Sample

250417-v77l9sw1ht
MD5

89ee742dc6c08606eb0ea804318d2d09
SHA1

3ebda5cd87a1ee41f988cb11ec76fb8bb4654080
SHA256

a89b31c8a53ae6815016cf05b732a589183a04a67ebc2c2bca1eb52b9245cc5b
SHA512

7d49387f432528bd471d500e4db7217bf2553c445ce6031724a27e82d6b9c799455fae9531cf52d393f6177e0d84e18a72e20507ee28f3e8db4e05006dad1d7a
SSDEEP

196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazb:kfauN/HYOSIT/EVF9P

Score

10^/10

beapy discovery miner pyinstaller worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2025-04-17_89ee742dc6c08606eb0ea804318d2d09_black-basta_elex_luca-stealer.exe

Resource

win10v2004-20250314-en

beapy discovery miner worm

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-04-17_89ee742dc6c08606eb0ea804318d2d09_black-basta_elex_luca-stealer.exe

Resource

win11-20250410-en

beapy discovery miner worm

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-04-17_89ee742dc6c08606eb0ea804318d2d09_black-basta_elex_luca-stealer
- Size
  
  6.6MB
- MD5
  
  89ee742dc6c08606eb0ea804318d2d09
- SHA1
  
  3ebda5cd87a1ee41f988cb11ec76fb8bb4654080
- SHA256
  
  a89b31c8a53ae6815016cf05b732a589183a04a67ebc2c2bca1eb52b9245cc5b
- SHA512
  
  7d49387f432528bd471d500e4db7217bf2553c445ce6031724a27e82d6b9c799455fae9531cf52d393f6177e0d84e18a72e20507ee28f3e8db4e05006dad1d7a
- SSDEEP
  
  196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazb:kfauN/HYOSIT/EVF9P
Score

10^/10

beapy discovery miner worm
- Beapy
  Beapy is a python worm with crypto mining capabilities.
  miner worm beapy
- Beapy family
  beapy
- Contacts a large (8163) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Account Manipulation

Privilege Escalation

Account Manipulation

Defense Evasion

Credential Access

Discovery

Domain Trust Discovery

Network Service Discovery

Permission Groups Discovery

Domain Groups

Local Groups

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

beapydiscoveryminerworm

behavioral2

beapydiscoveryminerworm

© 2018-2025

Terms | Privacy