betabot | 026c0beb61e11b1d6c3898bea7f5b94c30781b36ddf653afd81e9df1bbbf071b | Triage

Sharing

General

Target

026c0beb61e11b1d6c3898bea7f5b94c30781b36ddf653afd81e9df1bbbf071b
Size

2.5MB
Sample

250311-x4mh2a1rt8
MD5

26f91760c6d2ec209ccdbe3f1cdeaa55
SHA1

fbe0d0c2d2c873771a721dd846ffe3ad4755d486
SHA256

026c0beb61e11b1d6c3898bea7f5b94c30781b36ddf653afd81e9df1bbbf071b
SHA512

dc9f58edd64c4afcd31e3d8aee802bdfbe12ad2fa43656bc8aa0336a4c598ef344e4e0af83175b3f421c4e2deec004eb326abf1f07af2812eadbccbec167fbf7
SSDEEP

6144:Ht+K0/s9DUu0vlP55/X0i6s5R7n1LU+b:Hp0/YF0dxD6IRT1LU2

Score

10^/10

betabot backdoor botnet defense_evasion discovery persistence trojan

Malware Config

Targets

- Target
  
  026c0beb61e11b1d6c3898bea7f5b94c30781b36ddf653afd81e9df1bbbf071b
- Size
  
  2.5MB
- MD5
  
  26f91760c6d2ec209ccdbe3f1cdeaa55
- SHA1
  
  fbe0d0c2d2c873771a721dd846ffe3ad4755d486
- SHA256
  
  026c0beb61e11b1d6c3898bea7f5b94c30781b36ddf653afd81e9df1bbbf071b
- SHA512
  
  dc9f58edd64c4afcd31e3d8aee802bdfbe12ad2fa43656bc8aa0336a4c598ef344e4e0af83175b3f421c4e2deec004eb326abf1f07af2812eadbccbec167fbf7
- SSDEEP
  
  6144:Ht+K0/s9DUu0vlP55/X0i6s5R7n1LU+b:Hp0/YF0dxD6IRT1LU2
Score

10^/10

betabot backdoor botnet defense_evasion discovery persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Betabot family
  betabot
- Modifies firewall policy service
  defense_evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Indicator Removal

Clear Persistence

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

betabotbackdoorbotnetdefense_evasiondiscoverypersistencetrojan

behavioral2

betabotbackdoorbotnetdefense_evasiondiscoverypersistencetrojan