betabot | 705662ead94a35c0ed94a959c96de51bef2fbe996dda6569cd90cfc65194fda3 | Triage

Submit
Reports

Overview

overview

Static

static

3

bb77ec808a...af.exe

windows7-x64

bb77ec808a...af.exe

windows10-2004-x64

Sharing

General

Target

bb77ec808a0d3dca791c2cc72d2020af
Size

144KB
Sample

231222-rj1bhagddp
MD5

bb77ec808a0d3dca791c2cc72d2020af
SHA1

4aa1f3abee7a2973419e264de3e58c26e6643752
SHA256

705662ead94a35c0ed94a959c96de51bef2fbe996dda6569cd90cfc65194fda3
SHA512

d417382cf812513ea8c688fbf4cdfa27394d1bf1d203f2947a53e7c9e36bf694a8e5acd8fc362694e9fd229fdf6240c13d39323b5657dffc2030453c4c486990
SSDEEP

3072:oZoPg8mxPh2FHWbk/4qzVzzpr5bRjRMkx:oiwhGKg7z11M

Score

10^/10

betabot smokeloader backdoor botnet evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bb77ec808a0d3dca791c2cc72d2020af.exe

Resource

win7-20231215-en

betabot smokeloader backdoor botnet evasion persistence trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb77ec808a0d3dca791c2cc72d2020af.exe

Resource

win10v2004-20231215-en

betabot smokeloader backdoor botnet evasion persistence trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://varmisende.com/upload/

http://fernandomayol.com/upload/

http://nextlytm.com/upload/

http://people4jan.com/upload/

http://asfaltwerk.com/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  bb77ec808a0d3dca791c2cc72d2020af
- Size
  
  144KB
- MD5
  
  bb77ec808a0d3dca791c2cc72d2020af
- SHA1
  
  4aa1f3abee7a2973419e264de3e58c26e6643752
- SHA256
  
  705662ead94a35c0ed94a959c96de51bef2fbe996dda6569cd90cfc65194fda3
- SHA512
  
  d417382cf812513ea8c688fbf4cdfa27394d1bf1d203f2947a53e7c9e36bf694a8e5acd8fc362694e9fd229fdf6240c13d39323b5657dffc2030453c4c486990
- SSDEEP
  
  3072:oZoPg8mxPh2FHWbk/4qzVzzpr5bRjRMkx:oiwhGKg7z11M
Score

10^/10

betabot smokeloader backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

betabotsmokeloaderbackdoorbotnetevasionpersistencetrojan

behavioral2

betabotsmokeloaderbackdoorbotnetevasionpersistencetrojan

© 2018-2024

Terms | Privacy