Overview

overview

10

Static

static

5e37c410d8...ea.exe

windows7-x64

10

5e37c410d8...ea.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e37c410d8a3c7888cf430a1d5fd4605e43ee889493b4687fff193cac1e5a9ea

  • Size

    497KB

  • Sample

    220731-zvvt6ahcer

  • MD5

    35cd90f09615b805acefdef9836c983f

  • SHA1

    2bb416ff8d866587504d22c5e3c74a5fc7afef1c

  • SHA256

    5e37c410d8a3c7888cf430a1d5fd4605e43ee889493b4687fff193cac1e5a9ea

  • SHA512

    a22728338da17ea992a3b16f8303768e53600c8af7194cf9ea15b5c4303d716be4beec6d7e44084b9b5fcada5992de49ddec7965666403939d03c74f0c8140e6

Score
10/10
betabotbackdoorbotnetevasionpersistencetrojan

Malware Config

Targets

    • Target

      5e37c410d8a3c7888cf430a1d5fd4605e43ee889493b4687fff193cac1e5a9ea

    • Size

      497KB

    • MD5

      35cd90f09615b805acefdef9836c983f

    • SHA1

      2bb416ff8d866587504d22c5e3c74a5fc7afef1c

    • SHA256

      5e37c410d8a3c7888cf430a1d5fd4605e43ee889493b4687fff193cac1e5a9ea

    • SHA512

      a22728338da17ea992a3b16f8303768e53600c8af7194cf9ea15b5c4303d716be4beec6d7e44084b9b5fcada5992de49ddec7965666403939d03c74f0c8140e6

    Score
    10/10
    betabotbackdoorbotnetevasionpersistencetrojan

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

      trojanbackdoorbotnetbetabot

    • Modifies firewall policy service

      evasion

    • Sets file execution options in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

6
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks