Betabot Process Injection

A few weeks ago I received a PE file (MD5: 34105EF38CEA1B4B2ABADD0CB3404E69) and was asked to figure out if it is related to the Betabot malware family. This sample was executed on a 32-bit version of Windows XP SP3. It covers the initial execution of the dropper up to the point that a copy of itself is spawned. The malware uses CreateProcessW() to call itself. After calling CreateProcess, NtWriteVirtualMemory is used to write the UPX-packed PE file into the spawned process's memory at 0x400000.

Source: https://blog.talosintelligence.com/2014/05/betabot-process-injection.html
