betabot | db726961f1431fd7343b23e90a146a7fd19233d4980815f2d68d50c36bc1175d | Triage

Submit
Reports

Overview

overview

Static

static

3

990a6d8f56...ba.exe

windows7-x64

990a6d8f56...ba.exe

windows10-2004-x64

Sharing

General

Target

990a6d8f565a8df63234c7a9faabe6ba.exe
Size

290KB
Sample

240112-mwnq1sfbh5
MD5

990a6d8f565a8df63234c7a9faabe6ba
SHA1

328558357bbbafd16fad998fabb4e03c328900e9
SHA256

db726961f1431fd7343b23e90a146a7fd19233d4980815f2d68d50c36bc1175d
SHA512

2ae5bc20ee6b6a91662cc3d49433c7354fb8a0f3bdfb224d5da2820e6e637fb886279d6fca0b17bafa5bf991dfa9a3a4179ae9f9ba09b3f8bb04f626ea8eeabe
SSDEEP

3072:jec4fYwGFV04Lr70+sJiaUEvhqwuFVEYWQzkWl+tyYA5gi9/6NmJ5b4cQ4bRXp6h:jec43GFV04LNzEw9EYW8+lA/6+bRXMA

Score

10^/10

betabot smokeloader up3 backdoor botnet evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

990a6d8f565a8df63234c7a9faabe6ba.exe

Resource

win7-20231129-en

smokeloader up3 backdoor evasion trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

990a6d8f565a8df63234c7a9faabe6ba.exe

Resource

win10v2004-20231222-en

betabot smokeloader up3 backdoor botnet evasion persistence trojan

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

rc4.i32

Targets

- Target
  
  990a6d8f565a8df63234c7a9faabe6ba.exe
- Size
  
  290KB
- MD5
  
  990a6d8f565a8df63234c7a9faabe6ba
- SHA1
  
  328558357bbbafd16fad998fabb4e03c328900e9
- SHA256
  
  db726961f1431fd7343b23e90a146a7fd19233d4980815f2d68d50c36bc1175d
- SHA512
  
  2ae5bc20ee6b6a91662cc3d49433c7354fb8a0f3bdfb224d5da2820e6e637fb886279d6fca0b17bafa5bf991dfa9a3a4179ae9f9ba09b3f8bb04f626ea8eeabe
- SSDEEP
  
  3072:jec4fYwGFV04Lr70+sJiaUEvhqwuFVEYWQzkWl+tyYA5gi9/6NmJ5b4cQ4bRXp6h:jec43GFV04LNzEw9EYW8+lA/6+bRXMA
Score

10^/10

smokeloader up3 backdoor evasion trojan betabot botnet persistence
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderup3backdoorevasiontrojan

behavioral2

betabotsmokeloaderup3backdoorbotnetevasionpersistencetrojan

© 2018-2024

Terms | Privacy