betabot | a606cc038ea51f1a3093199c2faaa5181ea983e7da03ad72287d4ff968c9c766 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7_x64

file.exe

windows10_x64

Sharing

General

Target

file.exe
Size

308KB
Sample

201008-vxzzhb13q6
MD5

0d60363ed96a464ff943f7a5f8f4f1a9
SHA1

bf4e27ea98da9d4ee85f248e8c19e892dbcd964b
SHA256

a606cc038ea51f1a3093199c2faaa5181ea983e7da03ad72287d4ff968c9c766
SHA512

55ae2bbb7a95f0675783a3b39ee46f5a5a5f4464482f3edda091b77617334f4177c78e8af181f3d4f6b52cc6badfd514e754fb2c0ab06a502754c1a7d453d130

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7

trojan backdoor botnet betabot persistence evasion

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10

trojan backdoor botnet betabot evasion persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  308KB
- MD5
  
  0d60363ed96a464ff943f7a5f8f4f1a9
- SHA1
  
  bf4e27ea98da9d4ee85f248e8c19e892dbcd964b
- SHA256
  
  a606cc038ea51f1a3093199c2faaa5181ea983e7da03ad72287d4ff968c9c766
- SHA512
  
  55ae2bbb7a95f0675783a3b39ee46f5a5a5f4464482f3edda091b77617334f4177c78e8af181f3d4f6b52cc6badfd514e754fb2c0ab06a502754c1a7d453d130
Score

10^/10

trojan backdoor botnet betabot persistence evasion
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanbackdoorbotnetbetabotpersistenceevasion

behavioral2

trojanbackdoorbotnetbetabotevasionpersistence

© 2018-2024

Terms | Privacy