betabot | c3757309489b02fcf7c63fab593e8c7e28f51ee08a837e4dd72875406bc83e98 | Triage

Submit
Reports

Overview

overview

Static

static

1

c375730948...98.exe

windows7-x64

c375730948...98.exe

windows10-2004-x64

Sharing

General

Target

c3757309489b02fcf7c63fab593e8c7e28f51ee08a837e4dd72875406bc83e98
Size

310KB
Sample

220724-y62leafbh4
MD5

adb2bc6fcdf4c4be6d6fc40c2a4fb741
SHA1

2079091af6ab817a2ba60b3b2ac85284139bbfba
SHA256

c3757309489b02fcf7c63fab593e8c7e28f51ee08a837e4dd72875406bc83e98
SHA512

ca34b22a39fc3d708fd7ade90c80dab181aa26b1c9f007390099aa2c799e6f3c36af1f5bb9f9c736caa00959cc334524ac67d8163e1c5c17a1762d94915b2a8e

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c3757309489b02fcf7c63fab593e8c7e28f51ee08a837e4dd72875406bc83e98.exe

Resource

win7-20220715-en

betabot backdoor botnet evasion persistence trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

c3757309489b02fcf7c63fab593e8c7e28f51ee08a837e4dd72875406bc83e98.exe

Resource

win10v2004-20220721-en

betabot backdoor botnet evasion persistence trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  c3757309489b02fcf7c63fab593e8c7e28f51ee08a837e4dd72875406bc83e98
- Size
  
  310KB
- MD5
  
  adb2bc6fcdf4c4be6d6fc40c2a4fb741
- SHA1
  
  2079091af6ab817a2ba60b3b2ac85284139bbfba
- SHA256
  
  c3757309489b02fcf7c63fab593e8c7e28f51ee08a837e4dd72875406bc83e98
- SHA512
  
  ca34b22a39fc3d708fd7ade90c80dab181aa26b1c9f007390099aa2c799e6f3c36af1f5bb9f9c736caa00959cc334524ac67d8163e1c5c17a1762d94915b2a8e
Score

10^/10

betabot backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencetrojan

behavioral2

betabotbackdoorbotnetevasionpersistencetrojan

© 2018-2024

Terms | Privacy