betabot | 21a3403e49ae025b38441ee648e8eebf5b99b7c24226b968f2b38a4ce66ed431 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

21a3403e49ae025b38441ee648e8eebf5b99b7c24226b968f2b38a4ce66ed431
Size

219KB
Sample

240108-ffaqwscda6
MD5

71c0797d060ae8a45196a9336fbf7b5d
SHA1

a2838790fa259240e53207be47535d0f89d15f40
SHA256

21a3403e49ae025b38441ee648e8eebf5b99b7c24226b968f2b38a4ce66ed431
SHA512

2c2ae9c6510408b17a77e3ac1623a550784d2002fcaea4bf75372aeabb06a430cbe7f5543fd9631c92a545a0817f007fb65d192d75c35239c3bbb7a906fb48d9
SSDEEP

3072:s9L3vACvLJiX7ezDwPh0jb4rVyYI08+Yi1DrRlWwgvXF/LwHO1/D:s9L3Xv5cPhSoVyYI+KwgdDwHa

Score

10^/10

betabot smokeloader pub1 backdoor botnet evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

21a3403e49ae025b38441ee648e8eebf5b99b7c24226b968f2b38a4ce66ed431.exe

Resource

win7-20231129-en

betabot smokeloader pub1 backdoor botnet evasion persistence trojan

windows7-x64

18 signatures

300 seconds

Behavioral task

behavioral2

Sample

21a3403e49ae025b38441ee648e8eebf5b99b7c24226b968f2b38a4ce66ed431.exe

Resource

win10-20231220-en

smokeloader pub1 backdoor trojan

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  21a3403e49ae025b38441ee648e8eebf5b99b7c24226b968f2b38a4ce66ed431
- Size
  
  219KB
- MD5
  
  71c0797d060ae8a45196a9336fbf7b5d
- SHA1
  
  a2838790fa259240e53207be47535d0f89d15f40
- SHA256
  
  21a3403e49ae025b38441ee648e8eebf5b99b7c24226b968f2b38a4ce66ed431
- SHA512
  
  2c2ae9c6510408b17a77e3ac1623a550784d2002fcaea4bf75372aeabb06a430cbe7f5543fd9631c92a545a0817f007fb65d192d75c35239c3bbb7a906fb48d9
- SSDEEP
  
  3072:s9L3vACvLJiX7ezDwPh0jb4rVyYI08+Yi1DrRlWwgvXF/LwHO1/D:s9L3Xv5cPhSoVyYI+KwgdDwHa
Score

10^/10

betabot smokeloader pub1 backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

betabotsmokeloaderpub1backdoorbotnetevasionpersistencetrojan

behavioral2

smokeloaderpub1backdoortrojan

© 2018-2025

Terms | Privacy