betabot | ccab681baa683fa5d1bc2c11f786b67800eca96442ace9372c8dd5d31b5366e2 | Triage

Submit
Reports

Overview

overview

Static

static

ฺฺฺK...ฺฺ

windows10_x64

ฺฺฺ�...ฺฺ

windows10_x64

test

windows7_x64

ฺฺฺ....ฺฺ

windows10_x64

ฺฺฺ�...ฺฺ

windows10_x64

Resubmissions

15-02-2021 10:32

210215-rbd8jp8by2 10

15-02-2021 10:26

210215-1va7r5ahjn 10

Sharing

General

Target

e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.zip
Size

562KB
Sample

210215-rbd8jp8by2
MD5

3df357517581e10e783e463ba15cd99b
SHA1

68114772bcdfcc01b5f3272c7188658f3a5da32d
SHA256

ccab681baa683fa5d1bc2c11f786b67800eca96442ace9372c8dd5d31b5366e2
SHA512

b15cce78b00c47c48b47ebe131affa4a794e1cee2bf7850afdc304a3c57fd18c9897a502dee545160ecd8c78f0392047158785fe8b82d5ea35d7cafe7e807f49

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.exe

Resource

win10v20201028

betabot backdoor botnet evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.exe

Resource

win10v20201028

betabot backdoor botnet evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.exe

Resource

win7v20201028

betabot backdoor botnet evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.exe

Resource

win10v20201028

betabot backdoor botnet evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.exe

Resource

win10v20201028

betabot backdoor botnet evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901
- Size
  
  698KB
- MD5
  
  f3e344b63fd98041b0551c0a329e85fb
- SHA1
  
  ac086b6e0b21648088c8d098c68adfab38927e61
- SHA256
  
  e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901
- SHA512
  
  7ead065043f00dee8654f10c358448c9521a2825036cf4c09fbc9f334c9d3815f1cbaae722757968d1347f394da58fbd8aa35ac87c221079cdf0a765af0dfc5a
Score

10^/10

betabot backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencetrojan

behavioral2

betabotbackdoorbotnetevasionpersistencetrojan

behavioral3

betabotbackdoorbotnetevasionpersistencetrojan

behavioral4

betabotbackdoorbotnetevasionpersistencetrojan

behavioral5

betabotbackdoorbotnetevasionpersistencetrojan

© 2018-2024

Terms | Privacy