betabot | 273811e7b3de14abc8cfbbb28be4ab3c39922ff09c869f1a4b6b357577f0d374 | Triage

Submit
Reports

Overview

overview

Static

static

3fad84ee18...07.exe

windows7_x64

3fad84ee18...07.exe

windows10_x64

Sharing

General

Target

3fad84ee18e4583656019ae08b317607.exe
Size

709KB
Sample

210310-tksjsa4ck6
MD5

3fad84ee18e4583656019ae08b317607
SHA1

fb719a92039d2892fc6a7d91de15454554215543
SHA256

273811e7b3de14abc8cfbbb28be4ab3c39922ff09c869f1a4b6b357577f0d374
SHA512

496d0359641b844042af175ce4bda3801150af9ee720fad8d43a6a7cdf6ab4de96ac263525aa1c36dec89be71a71ce9f28b5a0017798b5c40ef8d2602bf66378

Score

10^/10

betabot backdoor botnet evasion persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

3fad84ee18e4583656019ae08b317607.exe

Resource

win7v20201028

betabot backdoor botnet evasion persistence spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3fad84ee18e4583656019ae08b317607.exe

Resource

win10v20201028

betabot backdoor botnet evasion persistence spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3fad84ee18e4583656019ae08b317607.exe
- Size
  
  709KB
- MD5
  
  3fad84ee18e4583656019ae08b317607
- SHA1
  
  fb719a92039d2892fc6a7d91de15454554215543
- SHA256
  
  273811e7b3de14abc8cfbbb28be4ab3c39922ff09c869f1a4b6b357577f0d374
- SHA512
  
  496d0359641b844042af175ce4bda3801150af9ee720fad8d43a6a7cdf6ab4de96ac263525aa1c36dec89be71a71ce9f28b5a0017798b5c40ef8d2602bf66378
Score

10^/10

betabot backdoor botnet evasion persistence spyware trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencespywaretrojan

behavioral2

betabotbackdoorbotnetevasionpersistencespywaretrojan

© 2018-2024

Terms | Privacy