Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

fb0d706aff...18.exe

windows7-x64

10

fb0d706aff...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb0d706affbf6c35cbda9fa434878e97_JaffaCakes118

  • Size

    498KB

  • Sample

    240927-2v9z7atfkp

  • MD5

    fb0d706affbf6c35cbda9fa434878e97

  • SHA1

    d999ebab7899829b43172335a0cf41932e5f80fc

  • SHA256

    40a17b2f80d0c6483797cd9c1b61370205c3dedf91d2f8f1d368218aa836e896

  • SHA512

    7d1e3dbb47a720b39f950c4cc3e15d863fbc6acced2477da1ba87a7dcbb570ab0147030e652c4f84ce37574577f90257aeb412e0135e6029d09a1b7ba98c14cd

  • SSDEEP

    12288:hKAIBUZJmywOb5esHnNXyNL4r4h/49siPFofw0m8vMZ:hKAVcsestiZm45SvyDra

Score
10/10
betabotbackdoorbotnetdefense_evasiondiscoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      fb0d706affbf6c35cbda9fa434878e97_JaffaCakes118

    • Size

      498KB

    • MD5

      fb0d706affbf6c35cbda9fa434878e97

    • SHA1

      d999ebab7899829b43172335a0cf41932e5f80fc

    • SHA256

      40a17b2f80d0c6483797cd9c1b61370205c3dedf91d2f8f1d368218aa836e896

    • SHA512

      7d1e3dbb47a720b39f950c4cc3e15d863fbc6acced2477da1ba87a7dcbb570ab0147030e652c4f84ce37574577f90257aeb412e0135e6029d09a1b7ba98c14cd

    • SSDEEP

      12288:hKAIBUZJmywOb5esHnNXyNL4r4h/49siPFofw0m8vMZ:hKAVcsestiZm45SvyDra

    Score
    10/10
    betabotbackdoorbotnetdefense_evasiondiscoveryevasionpersistencetrojan

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

      trojanbackdoorbotnetbetabot

    • Modifies firewall policy service

      evasion

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Indicator Removal: Clear Persistence

      remove IFEO.

      defense_evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Indicator Removal

1
T1070

Clear Persistence

1
T1070.009

Modify Registry

5
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.