betabot | 4aec2461eda1de35cd37c3d182e7d8d7ee6d4ad76c6f9ad3abd70c1fa61aed6f | Triage

Submit
Reports

Overview

overview

Static

static

Factura_pdf.exe

windows7_x64

Factura_pdf.exe

windows10_x64

Sharing

General

Target

Factura_pdf.zip
Size

494KB
Sample

200914-7m27db3f3a
MD5

c251cf770b0bf17285ed119dc86164dd
SHA1

fc787c1d3dade5b3eeefd30257041f836abb8eda
SHA256

4aec2461eda1de35cd37c3d182e7d8d7ee6d4ad76c6f9ad3abd70c1fa61aed6f
SHA512

e99299ba08b62d7ecd5151fc623a8f86340b80df03b9b0bd7e621e99412b9a66ea6e85c7d65dd9321e00b45c5406b2e6b8d1cabbd12b3d50b231939dd842ba95

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Factura_pdf.exe

Resource

win7

evasion trojan backdoor botnet betabot persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Factura_pdf.exe

Resource

win10

evasion trojan persistence backdoor botnet betabot

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Factura_pdf.exe
- Size
  
  651KB
- MD5
  
  a9345ccbf5367e9cb23076e0268b6a05
- SHA1
  
  16f36de10d18cc7960fdcb2e2a8e02bb30c8033a
- SHA256
  
  c2eea0526fcd8596d700eb7001185ac149b232319e8268bce21ccfe4fd1d7500
- SHA512
  
  420b3e0542b531586a40ef404c5883957cfe23dc772aa8731ab4f4806754325cfd16670807c059ab0d3e89c1df957e337bc8c5407e32aa5107ca9d93139792f0
Score

10^/10

evasion trojan backdoor botnet betabot persistence
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanbackdoorbotnetbetabotpersistence

behavioral2

evasiontrojanpersistencebackdoorbotnetbetabot

© 2018-2024

Terms | Privacy