#betabot

Lot's going on in this #opendir http://www.apl.com [.]pk/backup/updraft A #dropper, #betabot, and a couple #coinminer betabot c2 is microsup[.]ru cc @benkow_ @Xylit0l @Anti_Expl0it @h3x2b @cocaman pic.twitter.com/in5Jr3np8O

#betabot #processinjection #malware .sitioweb.wbline.xyz/ReciboCFEJUNIO2018-.zip dumped: https://www.virustotal.com/#/file/1fef13de646fd0875f573a63897235035ec66b1e8d460df1b1769a7f580dbf6a/community … injected code into explorer: https://www.virustotal.com/#/file/86e6de9f5f37084c705ce8a944a2e2a6b666cad4aac9047b8441fe3301959c30/detection … string: FZSABTGPIEzy|v|pfIX|vgzfzsaIB|{qzbfIftspgIvzqp|qp{a|s|pgf C2: /Panel/order.php?id= Host: 81.4.122.206pic.twitter.com/PDzHSdvhnk

#malspam rtf with embedded #betabot...looks like the same deployment kit as that #formbook from yesterday c2 is airmarketsexpresltd[.]com/air/ltd/ https://app.any.run/tasks/0c68a2a3-7263-456b-8abb-671bba795d72 … and #opendir cc @benkow_ @Xylit0l @Anti_Expl0it @h3x2b @cocaman pic.twitter.com/9A9E1oxPnI

#rtf #exploit #CVE -2018-0802 #betabot from spam mail https://app.any.run/tasks/db463166-e9cb-4e23-82eb-d03b0dbd0693 … https://app.any.run/tasks/213a73fe-8282-470f-ab07-1d00ca0a2091 … /trashbin.pw/bin/p/logout.php? @James_inthe_box @VK_Intel @VirITeXplorer @malwrhunterteampic.twitter.com/UFiE58a3bA

Found a #maldoc #threadkit -> #betabot hxxp://trashbin[.]pw/bin/p/logout.php hxxp://www[.]gallerdo.[i]nfo/d7/config.php?account=diego https://app.any.run/tasks/8e2865d2-39e5-45d1-9514-ec5b37257d03 …pic.twitter.com/iN14WjfF3h

#Hawkminer #miner #Betabot #opendir https://packettotal.com/app/analysis?id=49a5b5f7c2ac081219f75700e90b9629 … https://packettotal.com/app/analysis?id=d328969411434ab9b97bd4e43c537a1c … https://packettotal.com/app/analysis?id=7539a45812cee20c034bae59af9195aa … https://packettotal.com/app/analysis?id=3832dcf3b913fb1b2926213e98ed4145 … full report: https://pastebin.com/T9u9ptqp  cc @malwrhunterteam @JAMESWT_MHT @securitydoggo @douglasmun @SohnVonErde @cocaman @AdwareHunterpic.twitter.com/PS8l64qHH3

5.8.88[.]175 - Open Dir - Active C2 Lokibot Panel + #malware (probably #Betabot) pic.twitter.com/4iW0bbKTcr

#BetaBot Panel Samples: fia2.exe 633c7b38a082cb411910b8599375d399 ybh.exe ee589377cc29dba268454e5ab9f0c7f5 windowsexplorer.exe d85a3110d22e346026fb5dd27f2efcbe pic.twitter.com/qpGbtr5TtU

#BetaBot + #ISRStealer #Malware C2 Panels See: https://pastebin.com/3yryWRaz  cc: @benkow_ @Xylit0l @malwrhunterteampic.twitter.com/SB2VjDtxUj

#neuvert #betabot #rms https://www.virustotal.com/en/file/8250a6d411738754452284f21e7db1cb3228bcd128a7867023d19509aedbc18b/analysis/ … -> https://www.virustotal.com/en/file/25567135ec1b3375d957d61f20e39b7a442b5a87f3f3591f67d47a1441455585/analysis/1508426901/ … https://www.virustotal.com/en/file/7cf208b9fdfe820f9d9224f42183d5d62fd3c6a2a3662931cb399f55eed5a699/analysis/ … @0x7fff9 @azsxdvfbg @James_inthe_boxpic.twitter.com/hAjdHty6KY

IDN homograph attack leverages Adobe's name, spreads a fake Flash Player + #BetaBot Trojan - http://bit.ly/2xPyxXN pic.twitter.com/0EhWGod51I

Let's learn: Reversing #Betabot #Trojan (CREATE_SUSPENDED) | anti-analysis | btc-miner | anti-VM | anti-AV | https://www.vkremez.com/2017/07/lets-learn-reversing-packed-betabot.html …pic.twitter.com/R9xqgP5Pgh

@James_inthe_box @JAMESWT_MHT @malwrhunterteam Activity again from the site that was used to distribute #BetaBot the past weeks. pic.twitter.com/wGJBqCrLz3

#SolarBot #Stealer #Betabot Worst french crooks ever... payloads: http://185.13.38.\130/dl/ pic.twitter.com/Pfr3Lfx7ox

Wait, if LC is on the field.. Who is manning the dropship?!?! #BetaBot @Hyper_RPG #DFApic.twitter.com/8xFotwOtFq