betabot | cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451 | Triage

Submit
Reports

Overview

overview

Static

static

1

cccb98520d...51.exe

windows7-x64

cccb98520d...51.exe

windows10-2004-x64

Sharing

General

Target

cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451
Size

270KB
Sample

221001-xms99acdfq
MD5

72a5fd774abbbcbdc38527826122b580
SHA1

08da270a2c68a7b113aaaee8b2cbffb7665163c9
SHA256

cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451
SHA512

51abac0551b7e97c9691b0a2f821d22a258022c25dcc7c1c7bd6e873e658ea3bf7affdae06d8b6929e2473600c55abbc7a1b1decdd17b76e376b9c54eca6218f
SSDEEP

6144:LAsBZPuFKtb1svWp8uAUf2lNbhu1ZHqsM7hQzZT8PjUs:tUOb1svWpaUfgNbhu1csqu3s

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451.exe

Resource

win7-20220901-en

betabot backdoor botnet evasion persistence trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451.exe

Resource

win10v2004-20220901-en

betabot backdoor botnet evasion persistence trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451
- Size
  
  270KB
- MD5
  
  72a5fd774abbbcbdc38527826122b580
- SHA1
  
  08da270a2c68a7b113aaaee8b2cbffb7665163c9
- SHA256
  
  cccb98520d7b5747bbec8af8fcc1d245eaccea92a346c30309c3333519933451
- SHA512
  
  51abac0551b7e97c9691b0a2f821d22a258022c25dcc7c1c7bd6e873e658ea3bf7affdae06d8b6929e2473600c55abbc7a1b1decdd17b76e376b9c54eca6218f
- SSDEEP
  
  6144:LAsBZPuFKtb1svWp8uAUf2lNbhu1ZHqsM7hQzZT8PjUs:tUOb1svWpaUfgNbhu1csqu3s
Score

10^/10

betabot backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencetrojan

behavioral2

betabotbackdoorbotnetevasionpersistencetrojan

© 2018-2024

Terms | Privacy