betabot | 501a12070e9b88976668fe71f22b74eb94b3acdc15e28f651ee496d27b3e3e58 | Triage

Submit
Reports

Overview

overview

Static

static

501a12070e...58.exe

windows7-x64

501a12070e...58.exe

windows10-2004-x64

3

Sharing

General

Target

501a12070e9b88976668fe71f22b74eb94b3acdc15e28f651ee496d27b3e3e58
Size

636KB
Sample

220719-q7ffkadbe8
MD5

5ad17f673ae8220a7d6c4311e5ccebec
SHA1

7b3b40b2672682fa3159ee854571964dcf912f7d
SHA256

501a12070e9b88976668fe71f22b74eb94b3acdc15e28f651ee496d27b3e3e58
SHA512

d076a6b2a9a5a98074bda17df1cdc3056a14fa1ead49de13ce1ea778f8317b36393fda3c6656f8cc5b4ca7ea258775416ea9fe57a33049d17ba634827bd1ecf3

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

501a12070e9b88976668fe71f22b74eb94b3acdc15e28f651ee496d27b3e3e58.exe

Resource

win7-20220718-en

betabot backdoor botnet evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

501a12070e9b88976668fe71f22b74eb94b3acdc15e28f651ee496d27b3e3e58.exe

Resource

win10v2004-20220718-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  501a12070e9b88976668fe71f22b74eb94b3acdc15e28f651ee496d27b3e3e58
- Size
  
  636KB
- MD5
  
  5ad17f673ae8220a7d6c4311e5ccebec
- SHA1
  
  7b3b40b2672682fa3159ee854571964dcf912f7d
- SHA256
  
  501a12070e9b88976668fe71f22b74eb94b3acdc15e28f651ee496d27b3e3e58
- SHA512
  
  d076a6b2a9a5a98074bda17df1cdc3056a14fa1ead49de13ce1ea778f8317b36393fda3c6656f8cc5b4ca7ea258775416ea9fe57a33049d17ba634827bd1ecf3
Score

10^/10

betabot backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy