betabot | 3f25ead47c02ac5c60abcdf383ef671e7cb17ca3f8ace809156fcfef1d98284f | Triage

Submit
Reports

Overview

overview

Static

static

3f25ead47c...4f.exe

windows7-x64

3f25ead47c...4f.exe

windows10-2004-x64

5

Sharing

General

Target

3f25ead47c02ac5c60abcdf383ef671e7cb17ca3f8ace809156fcfef1d98284f
Size

355KB
Sample

221022-dlw5zaacf8
MD5

2c22549d2d7af6aa04be39aec6ed6728
SHA1

88048d5970ab122865986928c79ff325718b800d
SHA256

3f25ead47c02ac5c60abcdf383ef671e7cb17ca3f8ace809156fcfef1d98284f
SHA512

a8294d4e4ac470e663504a3b8f26922e2a26d84de9c0994a5bdf7d42f3e6de27de9217650f37a86d5e62167c78af7ebb9bf7682aff6ec2db1c113cfc1198e18a
SSDEEP

6144:I+Fr28zgTISlsQ3+06nTgqG/AW0LTOQJUudpZK:TFrrzlmLwst/AH/lJzdpZ

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

3f25ead47c02ac5c60abcdf383ef671e7cb17ca3f8ace809156fcfef1d98284f.exe

Resource

win7-20220812-en

betabot backdoor botnet evasion persistence trojan

windows7-x64

13 signatures

10 seconds

Behavioral task

behavioral2

Sample

3f25ead47c02ac5c60abcdf383ef671e7cb17ca3f8ace809156fcfef1d98284f.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

10 seconds

Malware Config

Targets

- Target
  
  3f25ead47c02ac5c60abcdf383ef671e7cb17ca3f8ace809156fcfef1d98284f
- Size
  
  355KB
- MD5
  
  2c22549d2d7af6aa04be39aec6ed6728
- SHA1
  
  88048d5970ab122865986928c79ff325718b800d
- SHA256
  
  3f25ead47c02ac5c60abcdf383ef671e7cb17ca3f8ace809156fcfef1d98284f
- SHA512
  
  a8294d4e4ac470e663504a3b8f26922e2a26d84de9c0994a5bdf7d42f3e6de27de9217650f37a86d5e62167c78af7ebb9bf7682aff6ec2db1c113cfc1198e18a
- SSDEEP
  
  6144:I+Fr28zgTISlsQ3+06nTgqG/AW0LTOQJUudpZK:TFrrzlmLwst/AH/lJzdpZ
Score

10^/10

betabot backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy