Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

8940ee6fe6...10.exe

windows7-x64

10

8940ee6fe6...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8940ee6fe6900beb6113cbd48e2f54f81e36b3806bbb6c73ae514982cc98a710.zip

  • Size

    735KB

  • Sample

    250128-q98vws1jes

  • MD5

    2881431ec401c97769deab2162ef3b7c

  • SHA1

    529ae605e3bd81f373278ce6cd0853bb07450ac6

  • SHA256

    790fe3f399f96a9588f57b1221259869bb506a009e79d947cb7ec633698d4243

  • SHA512

    8e5ecbaaf968ab08f3002f22075a06d05eb5d458dad66cf4351e7aaa74b84b18e48f92557931e8ec2f961a68bc766e21cfb5ef452e8c7162ba76f39c8007fda5

  • SSDEEP

    12288:vfYCjYoLEEjdYgkqjBh1zMV4JUwdgQu2g2R3Q/EX8UlfmNo+6H8iqmP9ybQssY:vfTLEEjDkaGC9dg8g2R3WEXFmCH/Zl/Y

Score
10/10
betabotbackdoorbotnetdefense_evasiondiscoverypersistencetrojan

Malware Config

Targets

    • Target

      8940ee6fe6900beb6113cbd48e2f54f81e36b3806bbb6c73ae514982cc98a710.exe

    • Size

      1.2MB

    • MD5

      24c7a082a3712ad00cea6f1bfee81f9c

    • SHA1

      67f06a9982358afdf69163b3fd642c231fa0a9c4

    • SHA256

      8940ee6fe6900beb6113cbd48e2f54f81e36b3806bbb6c73ae514982cc98a710

    • SHA512

      ad9097c842e517fa034e5abecb07851cad0d1e5c0433cc1765bf95ee20869d445290fc71e2d20bf7121f780c3336eb0c2397c20c7e8ee541dbf946061442b783

    • SSDEEP

      24576:q7kybXvovms3JuIfILdzxtJzJOJTe87RMMeQjm:KMZJuIwLdNtJzJOJTJeQS

    Score
    10/10
    betabotbackdoorbotnetdefense_evasiondiscoverypersistencetrojan

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables Antivirus.

      trojanbackdoorbotnetbetabot

    • Betabot family

      betabot

    • Modifies firewall policy service

      defense_evasion

    • UAC bypass

      defense_evasiontrojan

    • Disables RegEdit via registry modification

      defense_evasion

    • Disables Task Manager via registry modification

      defense_evasion

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Looks for VMWare services registry key.

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Indicator Removal: Clear Persistence

      remove IFEO.

      defense_evasion

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

1
T1562.001

Indicator Removal

1
T1070

Clear Persistence

1
T1070.009

Modify Registry

7
T1112

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

6
T1012

System Information Discovery

8
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.