Overview

overview

10

Static

static

10

Pr0xyArmyBotnet.exe

windows7-x64

10

Pr0xyArmyBotnet.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Pr0xyArmyBotnet.EXE

  • Size

    967KB

  • Sample

    221226-vek8kagd4w

  • MD5

    5f0cff1fd12ac0fbfdc3dce891891d45

  • SHA1

    25b5afb0d88a43a7e98c615544c31b0b4b89b014

  • SHA256

    3f6e3f04c74d83d86ddef5779628f9764093e24f7c90c3470f62f1392708f7d5

  • SHA512

    d214d1f733f325fa1d2dc4f3307208c8d4e8a25cfd1db8db8c08823a5e7cd6b066e0363141695389bbfef796abc224519db5e69d42fc41b90811f489781b9f9c

  • SSDEEP

    24576:xNxsglIPAtgV+rnEQBg2AdqgwGd9OCPltP0gxkR3dCqJO5VxQ75SA1:57uKrnEQi2Ad/wQPLP0gx1qt5SA1

Score
10/10
plaguebotbotnet

Malware Config

Targets

    • Target

      Pr0xyArmyBotnet.EXE

    • Size

      967KB

    • MD5

      5f0cff1fd12ac0fbfdc3dce891891d45

    • SHA1

      25b5afb0d88a43a7e98c615544c31b0b4b89b014

    • SHA256

      3f6e3f04c74d83d86ddef5779628f9764093e24f7c90c3470f62f1392708f7d5

    • SHA512

      d214d1f733f325fa1d2dc4f3307208c8d4e8a25cfd1db8db8c08823a5e7cd6b066e0363141695389bbfef796abc224519db5e69d42fc41b90811f489781b9f9c

    • SSDEEP

      24576:xNxsglIPAtgV+rnEQBg2AdqgwGd9OCPltP0gxkR3dCqJO5VxQ75SA1:57uKrnEQi2Ad/wQPLP0gx1qt5SA1

    Score
    10/10
    plaguebotbotnet

    • PlagueBot

      PlagueBot is an open source Bot written in Pascal.

      botnetplaguebot

    • PlagueBot Executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks