Beep: A customizable malware evades detection

Beep malware, also known as “Backdoor.BEeP” or “BKDR_BEEP.A,” is a type of malicious software that is designed to give unauthorized access to a victim’s computer system. First discovered in 2015, Beep is an information stealer malware that uses three separate components: a dropper, an injector, and the payload.

The dropper (“big.dll”) creates a new registry key with an ‘AphroniaHaimavati’ value that contains a base64 encoded PowerShell script. This PowerShell script is launched every 13 minutes using a Windows scheduled task. The script downloads information and saves it in an injector called AphroniaHaimavati.dll before launching it.

The injector is the component that uses a range of anti-debugging and anti-vm techniques to inject the payload into a legitimate system process (“WWAHost.exe”) via process hollowing, to evade detection from anti-virus tools running on the host. Finally, the primary payload attempts to collect data from the compromised machine, encrypt it, and send it to the C2.

The malware is delivered via email attachments, social media networks such as Discord, or via public file-hosting service OneDrive. In addition, Beep malware is designed to be modular, which means that attackers can easily customize it to fit their specific needs. They can add or remove functionality depending on their objectives, making it a versatile tool for cybercriminals.

What makes Beep standout among the other malware is its heavy focus on stealth, adopting a sheer number of detection evasion methods to resist analysis, avoid sandboxes, and delay execution. For instance, Beep uses sandbox evasion techniques to bypass sandbox security systems used to test suspicious programs for malware activity. Beep also uses encryption techniques to disguise its malicious activity, making it even more difficult to detect.

The malware has targeted various industries, including healthcare, energy, finance, and technology, in several countries around the world. Some of the countries that have been affected by Beep malware include the United States, Canada, Germany, Japan, and South Korea.


SISA’s Latest
close slider