betabot | 928d06ae692be5a216946aa53308e34b920cdd65eb1eb1f7aad9d4edf779c8b6 | Triage

Submit
Reports

Overview

overview

Static

static

1

a41a425b9a...18.exe

windows7-x64

a41a425b9a...18.exe

windows10-2004-x64

Sharing

General

Target

a41a425b9aa3dcb50ea244ff90cef59d_JaffaCakes118
Size

331KB
Sample

240613-gq7zta1anl
MD5

a41a425b9aa3dcb50ea244ff90cef59d
SHA1

2d1c8cfba8e5ef11a2a5144346f8102c3c9db805
SHA256

928d06ae692be5a216946aa53308e34b920cdd65eb1eb1f7aad9d4edf779c8b6
SHA512

6b82375eb4645cc8e615c4699fb4eeada8b4a0f50b89bd512810c9c1d643977ae1e5472ee2ea2d8cfb69133381120267db5cd863a10746843bed79e0d5a88334
SSDEEP

6144:R6tnHIghzbAam9iliAotWWfUwwQWzyq2L9OATfzSskQBi:+HrhzW3Jq49zfGQBi

Score

10^/10

betabot backdoor botnet evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

a41a425b9aa3dcb50ea244ff90cef59d_JaffaCakes118.exe

Resource

win7-20240508-en

betabot backdoor botnet evasion persistence trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

a41a425b9aa3dcb50ea244ff90cef59d_JaffaCakes118.exe

Resource

win10v2004-20240508-en

betabot backdoor botnet evasion persistence trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  a41a425b9aa3dcb50ea244ff90cef59d_JaffaCakes118
- Size
  
  331KB
- MD5
  
  a41a425b9aa3dcb50ea244ff90cef59d
- SHA1
  
  2d1c8cfba8e5ef11a2a5144346f8102c3c9db805
- SHA256
  
  928d06ae692be5a216946aa53308e34b920cdd65eb1eb1f7aad9d4edf779c8b6
- SHA512
  
  6b82375eb4645cc8e615c4699fb4eeada8b4a0f50b89bd512810c9c1d643977ae1e5472ee2ea2d8cfb69133381120267db5cd863a10746843bed79e0d5a88334
- SSDEEP
  
  6144:R6tnHIghzbAam9iliAotWWfUwwQWzyq2L9OATfzSskQBi:+HrhzW3Jq49zfGQBi
Score

10^/10

betabot backdoor botnet evasion persistence trojan
- BetaBot
  Beta Bot is a Trojan that infects computers and disables Antivirus.
  trojan backdoor botnet betabot
- Modifies firewall policy service
  evasion
- Sets file execution options in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

betabotbackdoorbotnetevasionpersistencetrojan

behavioral2

betabotbackdoorbotnetevasionpersistencetrojan

© 2018-2024

Terms | Privacy