betabot | 458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a | Triage

Submit
Reports

Overview

overview

Static

static

458412e9c3...3a.exe

windows7_x64

458412e9c3...3a.exe

windows10-2004_x64

Sharing

General

Target

458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a
Size

676KB
Sample

220707-nt3mtsffan
MD5

8d2bedd39ea94e7fc099b5bf489eb37a
SHA1

fa80956af1e01ef7c0ab1bd984a3da58af64b8a8
SHA256

458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a
SHA512

c9cc02ef277910b51b36505a47d93feeac8d5fbb31c766df547a460c120e0d88863d28a134a423540f96e41066f8f8558b5b2401163c272db892709c8951202a

Score

10^/10

betabot backdoor botnet evasion persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a.exe

Resource

win7-20220414-en

betabot backdoor botnet evasion persistence suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a.exe

Resource

win10v2004-20220414-en

betabot backdoor botnet evasion persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a
- Size
  
  676KB
- MD5
  
  8d2bedd39ea94e7fc099b5bf489eb37a
- SHA1
  
  fa80956af1e01ef7c0ab1bd984a3da58af64b8a8
- SHA256
  
  458412e9c3954cb35d433c1347dd2349f823f6b92e0f63b19407527c81c5173a
- SHA512
  
  c9cc02ef277910b51b36505a47d93feeac8d5fbb31c766df547a460c120e0d88863d28a134a423540f96e41066f8f8558b5b2401163c272db892709c8951202a
Score

10^/10

betabot backdoor botnet evasion persistence suricata trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
  suricata: ET MALWARE Win32/Neurevt.A/Betabot Check-in 4
  suricata
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencesuricatatrojan

behavioral2

betabotbackdoorbotnetevasionpersistencetrojan

© 2018-2024

Terms | Privacy