betabot | 24f8ecc0a4f1dc86f9b9d2dd58d2fdbf6fc51deb617d63d5076ea94a5e1c5fe6 | Triage

Submit
Reports

Overview

overview

Static

static

3

648dcef19b...18.exe

windows7-x64

648dcef19b...18.exe

windows10-2004-x64

Sharing

General

Target

648dcef19bfcb78f42b17442c9546db4_JaffaCakes118
Size

292KB
Sample

240521-ylf4zagf8t
MD5

648dcef19bfcb78f42b17442c9546db4
SHA1

e82e601a066cc4f68d568740171247fdabd0d77f
SHA256

24f8ecc0a4f1dc86f9b9d2dd58d2fdbf6fc51deb617d63d5076ea94a5e1c5fe6
SHA512

c50afb3eecfccf1e6224921381f06ee69a01c948e2968863d9f74f653bf27aebe7032a049f57c9ea1dbe6eb2e1f2745f7c65adde00feb07e5c3ce6de3051e314
SSDEEP

6144:u+kAr8XmW9K7YBddThv2XHYN/e1l8D1QTwme:u+k7Ww8y2XHe/eHPI

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

648dcef19bfcb78f42b17442c9546db4_JaffaCakes118.exe

Resource

win7-20240508-en

betabot backdoor botnet evasion persistence trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

648dcef19bfcb78f42b17442c9546db4_JaffaCakes118.exe

Resource

win10v2004-20240508-en

betabot backdoor botnet evasion persistence trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  648dcef19bfcb78f42b17442c9546db4_JaffaCakes118
- Size
  
  292KB
- MD5
  
  648dcef19bfcb78f42b17442c9546db4
- SHA1
  
  e82e601a066cc4f68d568740171247fdabd0d77f
- SHA256
  
  24f8ecc0a4f1dc86f9b9d2dd58d2fdbf6fc51deb617d63d5076ea94a5e1c5fe6
- SHA512
  
  c50afb3eecfccf1e6224921381f06ee69a01c948e2968863d9f74f653bf27aebe7032a049f57c9ea1dbe6eb2e1f2745f7c65adde00feb07e5c3ce6de3051e314
- SSDEEP
  
  6144:u+kAr8XmW9K7YBddThv2XHYN/e1l8D1QTwme:u+k7Ww8y2XHe/eHPI
Score

10^/10

betabot backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencetrojan

behavioral2

betabotbackdoorbotnetevasionpersistencetrojan

© 2018-2024

Terms | Privacy