betabot | 4efd9a3fa2d25d6706213feb3299dd0f73777aad01217b9e3df046064fdbbb7e | Triage

Submit
Reports

Overview

overview

Static

static

Documento-...in.exe

windows7_x64

Documento-...in.exe

windows10_x64

Sharing

General

Target

Documento--SII--33875.bin
Size

833KB
Sample

210310-blja9hjpae
MD5

2ced2c14eece71c72c5e45e8a607bb4c
SHA1

13a700a297a7e5697d69bb743c3b256ac10a14e2
SHA256

4efd9a3fa2d25d6706213feb3299dd0f73777aad01217b9e3df046064fdbbb7e
SHA512

199cb38d7f20f64b30d2cb2ba56dab6c0d3b2685d85a990c085060752071b9620d131c5c25bba9b3140c9816ae3515d6b7dbf794d3dd71db15bb8d3f4eb04f06

Score

10^/10

betabot backdoor botnet evasion persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Documento--SII--33875.bin.exe

Resource

win7v20201028

betabot backdoor botnet evasion persistence spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Documento--SII--33875.bin.exe

Resource

win10v20201028

betabot backdoor botnet evasion persistence spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Documento--SII--33875.bin
- Size
  
  833KB
- MD5
  
  2ced2c14eece71c72c5e45e8a607bb4c
- SHA1
  
  13a700a297a7e5697d69bb743c3b256ac10a14e2
- SHA256
  
  4efd9a3fa2d25d6706213feb3299dd0f73777aad01217b9e3df046064fdbbb7e
- SHA512
  
  199cb38d7f20f64b30d2cb2ba56dab6c0d3b2685d85a990c085060752071b9620d131c5c25bba9b3140c9816ae3515d6b7dbf794d3dd71db15bb8d3f4eb04f06
Score

10^/10

betabot backdoor botnet evasion persistence spyware trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencespywaretrojan

behavioral2

betabotbackdoorbotnetevasionpersistencespywaretrojan

© 2018-2024

Terms | Privacy