betabot | e5b01cd00c400a4587db5d160b1380baf51684deed80b49934bcaf00bd9796aa | Triage

Submit
Reports

Overview

overview

Static

static

3

e5b01cd00c...aa.exe

windows7-x64

e5b01cd00c...aa.exe

windows10-2004-x64

Sharing

General

Target

e5b01cd00c400a4587db5d160b1380baf51684deed80b49934bcaf00bd9796aa.exe
Size

311KB
Sample

240111-y1q8gsffdm
MD5

ad3d9d31919b2727b2a4678d3c37affd
SHA1

1044bf1d3ac8b6193541acbbb4a0e576854cc8f1
SHA256

e5b01cd00c400a4587db5d160b1380baf51684deed80b49934bcaf00bd9796aa
SHA512

5c645773e7f1bdd12bfe65442b277d24aedd7bcd3ef80b91e4f3e720dc4bd07ce0e51edf7e70c2c7ec767ad5bc6cefbef5be3d7e8092ddbd3f09a02d354c64fd
SSDEEP

3072:IT8Sq3LCwn/MOozAPDRK3ZCQXd0odbHLIviqj365uSR3lDbo5k9I3V2DaFwj0:mfSLChTAP1qCQXdF9rIvVSRLm3gb

Score

10^/10

betabot smokeloader up3 backdoor botnet evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e5b01cd00c400a4587db5d160b1380baf51684deed80b49934bcaf00bd9796aa.exe

Resource

win7-20231215-en

betabot smokeloader up3 backdoor botnet evasion persistence trojan

windows7-x64

27 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5b01cd00c400a4587db5d160b1380baf51684deed80b49934bcaf00bd9796aa.exe

Resource

win10v2004-20231215-en

betabot smokeloader up3 backdoor botnet evasion persistence trojan

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  e5b01cd00c400a4587db5d160b1380baf51684deed80b49934bcaf00bd9796aa.exe
- Size
  
  311KB
- MD5
  
  ad3d9d31919b2727b2a4678d3c37affd
- SHA1
  
  1044bf1d3ac8b6193541acbbb4a0e576854cc8f1
- SHA256
  
  e5b01cd00c400a4587db5d160b1380baf51684deed80b49934bcaf00bd9796aa
- SHA512
  
  5c645773e7f1bdd12bfe65442b277d24aedd7bcd3ef80b91e4f3e720dc4bd07ce0e51edf7e70c2c7ec767ad5bc6cefbef5be3d7e8092ddbd3f09a02d354c64fd
- SSDEEP
  
  3072:IT8Sq3LCwn/MOozAPDRK3ZCQXd0odbHLIviqj365uSR3lDbo5k9I3V2DaFwj0:mfSLChTAP1qCQXdF9rIvVSRLm3gb
Score

10^/10

betabot smokeloader up3 backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

betabotsmokeloaderup3backdoorbotnetevasionpersistencetrojan

behavioral2

betabotsmokeloaderup3backdoorbotnetevasionpersistencetrojan

© 2018-2024

Terms | Privacy