betabot | 4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

1

Sharing

General

Target

4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e
Size

360KB
Sample

240129-fgtv6aadg2
MD5

34505b8c7b36b13e6f0861c6626f4e59
SHA1

d88c66638a7b99fad8df704c88ceb143cb75ddf1
SHA256

4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e
SHA512

c2bce916ab34ff31cc06d32afa72d0bdd45ce83b7b6d98a40066800fd66acc62ef46647d65a1271e6c11eb13f363f5160bbacad8ce9c7406bd8e0c727c37d8ca
SSDEEP

6144:9/+Rtc4FksgTOzEV6zs1hfk8MIcG1Zb7d+0PuSCU4CzmJkdVds:Vh4FkRTOzEV6zs1hfk8oYVd+Dj4mYVds

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e.exe

Resource

win7-20231215-en

betabot backdoor botnet evasion persistence trojan

windows7-x64

28 signatures

300 seconds

Behavioral task

behavioral2

Sample

4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e.exe

Resource

win10-20231215-en

windows10-1703-x64

0 signatures

300 seconds

Malware Config

Targets

- Target
  
  4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e
- Size
  
  360KB
- MD5
  
  34505b8c7b36b13e6f0861c6626f4e59
- SHA1
  
  d88c66638a7b99fad8df704c88ceb143cb75ddf1
- SHA256
  
  4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e
- SHA512
  
  c2bce916ab34ff31cc06d32afa72d0bdd45ce83b7b6d98a40066800fd66acc62ef46647d65a1271e6c11eb13f363f5160bbacad8ce9c7406bd8e0c727c37d8ca
- SSDEEP
  
  6144:9/+Rtc4FksgTOzEV6zs1hfk8MIcG1Zb7d+0PuSCU4CzmJkdVds:Vh4FkRTOzEV6zs1hfk8oYVd+Dj4mYVds
Score

10^/10

betabot backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Disables taskbar notifications via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy